Max CVSS 10.0 Min CVSS 1.9 Total Count242
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6149 6.8
Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6150 4.3
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6154 6.8
Insufficient data validation in WebGL in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6155 4.3
Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6156 6.8
Incorect derivation of a packet length in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6157 6.8
Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6159 4.3
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6161 6.8
Insufficient policy enforcement in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6168 4.3
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6171 2.9
Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.
27-06-2019 - 13:26 27-06-2019 - 13:15
CVE-2018-6176 4.6
Insufficient file type enforcement in Extensions API in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted Chrome Extension.
27-06-2019 - 13:25 27-06-2019 - 13:15
CVE-2018-6177 4.3
Information leak in media engine in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
27-06-2019 - 13:25 27-06-2019 - 13:15
CVE-2019-3814 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
27-03-2019 - 09:29 27-03-2019 - 09:29
CVE-2018-20615 5.0
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2018-19985 2.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitr
21-03-2019 - 12:00 21-03-2019 - 12:00
CVE-2019-3813 5.4
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
04-02-2019 - 13:29 04-02-2019 - 13:29
CVE-2016-10741 4.7
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of
01-02-2019 - 11:29 01-02-2019 - 11:29
CVE-2017-18360 4.9
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
31-01-2019 - 04:29 31-01-2019 - 04:29
CVE-2019-6977 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This c
26-01-2019 - 21:29 26-01-2019 - 21:29
CVE-2019-6706 5.0
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
23-01-2019 - 14:29 23-01-2019 - 14:29
CVE-2019-2537 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacke
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2534 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2531 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2529 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged at
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2507 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2503 3.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low p
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2482 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2481 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2019-2455 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attac
16-01-2019 - 14:30 16-01-2019 - 14:30
CVE-2018-20721 7.5
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
16-01-2019 - 09:29 16-01-2019 - 09:29
CVE-2019-6133 4.4
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendin
11-01-2019 - 09:29 11-01-2019 - 09:29
CVE-2018-6179 4.3
Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a cra
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6178 4.3
Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6175 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6174 6.8
Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6173 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6172 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6170 6.8
A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6169 4.3
Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6167 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6166 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6165 4.3
Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6164 4.3
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6163 4.3
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6162 6.8
Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6160 4.3
JavaScript alert handling in Prompts in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6158 5.1
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6153 6.8
A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-6151 6.8
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2019-5489 2.1
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this af
07-01-2019 - 12:29 07-01-2019 - 12:29
CVE-2018-16884 6.7
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container
18-12-2018 - 17:29 18-12-2018 - 17:29
CVE-2018-18245 3.5
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE.
17-12-2018 - 10:29 17-12-2018 - 10:29
CVE-2018-20169 7.2
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
17-12-2018 - 02:29 17-12-2018 - 02:29
CVE-2018-20145 5.0
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
13-12-2018 - 15:29 13-12-2018 - 15:29
CVE-2018-20103 5.0
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaus
12-12-2018 - 12:29 12-12-2018 - 12:29
CVE-2018-20102 5.0
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-
12-12-2018 - 12:29 12-12-2018 - 12:29
CVE-2018-18397 2.1
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that fil
12-12-2018 - 05:29 12-12-2018 - 05:29
CVE-2018-9568 7.2
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi
06-12-2018 - 09:29 06-12-2018 - 09:29
CVE-2018-19608 1.9
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
05-12-2018 - 17:29 05-12-2018 - 17:29
CVE-2018-18843 7.5
The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.
04-12-2018 - 18:29 04-12-2018 - 18:29
CVE-2018-17976 4.0
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions.
04-12-2018 - 18:29 04-12-2018 - 18:29
CVE-2018-17975 5.0
An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.
04-12-2018 - 18:29 04-12-2018 - 18:29
CVE-2018-17939 5.0
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
04-12-2018 - 18:29 04-12-2018 - 18:29
CVE-2018-6152 6.8
The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to pote
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-19854 1.9
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sens
04-12-2018 - 11:29 04-12-2018 - 11:29
CVE-2018-6982 4.9
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
04-12-2018 - 09:29 04-12-2018 - 09:29
CVE-2018-6981 7.2
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below co
04-12-2018 - 09:29 04-12-2018 - 09:29
CVE-2018-19824 4.6
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-16863 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript d
03-12-2018 - 12:29 03-12-2018 - 12:29
CVE-2018-19788 9.0
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
03-12-2018 - 01:29 03-12-2018 - 01:29
CVE-2018-14637 6.8
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack.
30-11-2018 - 08:29 30-11-2018 - 08:29
CVE-2018-16862 2.1
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data
26-11-2018 - 14:29 26-11-2018 - 14:29
CVE-2018-19407 4.9
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
20-11-2018 - 19:29 20-11-2018 - 19:29
CVE-2018-14658 5.8
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack
13-11-2018 - 14:29 13-11-2018 - 14:29
CVE-2018-14657 4.3
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
13-11-2018 - 14:29 13-11-2018 - 14:29
CVE-2018-14655 3.5
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfull
13-11-2018 - 14:29 13-11-2018 - 14:29
CVE-2018-19200 5.0
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19199 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-19198 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
12-11-2018 - 10:29 12-11-2018 - 10:29
CVE-2018-9516 7.2
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-9363 7.2
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kerne
07-11-2018 - 06:29 06-11-2018 - 12:29
CVE-2018-0734 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
30-10-2018 - 08:29 30-10-2018 - 08:29
CVE-2018-18690 4.9
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_
26-10-2018 - 14:29 26-10-2018 - 14:29
CVE-2018-14625 4.4
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gath
10-09-2018 - 09:29 10-09-2018 - 09:29
CVE-2018-5391 7.8
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments
06-09-2018 - 17:29 06-09-2018 - 17:29
CVE-2018-10902 4.6
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
21-08-2018 - 15:29 21-08-2018 - 15:29
CVE-2018-5546 7.2