CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8851 CVE-2018-1141 732 2018-03-20 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
When installing Nessus to a directory outside of the default location, Nessus versions prior to 7.0.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location.
8852 CVE-2018-1140 20 DoS 2018-08-22 2019-10-09
3.3
None Local Network Low Not required None None Partial
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable
8853 CVE-2018-1139 522 2018-08-22 2019-10-09
4.3
None Remote Medium Not required Partial None None
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.
8854 CVE-2018-1136 79 XSS 2018-05-25 2019-10-02
4.0
None Remote Low Single system Partial None None
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
8855 CVE-2018-1135 200 +Info 2018-05-25 2018-06-25
4.0
None Remote Low Single system Partial None None
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
8856 CVE-2018-1134 269 2018-05-25 2019-10-02
4.0
None Remote Low Single system Partial None None
An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
8857 CVE-2018-1130 476 DoS 2018-05-10 2019-10-09
4.9
None Local Low Not required None None Complete
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
8858 CVE-2018-1129 287 Bypass 2018-07-10 2019-08-28
3.3
None Local Network Low Not required None Partial None
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
8859 CVE-2018-1124 190 Exec Code Overflow 2018-05-23 2019-07-30
4.6
None Local Low Not required Partial Partial Partial
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
8860 CVE-2018-1122 2018-05-23 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
8861 CVE-2018-1121 362 2018-06-13 2019-10-09
4.3
None Remote Medium Not required None Partial None
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.
8862 CVE-2018-1120 119 DoS Overflow 2018-06-20 2019-10-09
3.5
None Remote Medium Single system None None Partial
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
8863 CVE-2018-1118 200 +Info 2018-05-10 2019-10-09
2.1
None Local Low Not required Partial None None
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
8864 CVE-2018-1116 200 +Info 2018-07-10 2019-10-09
3.6
None Local Low Not required Partial None Partial
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
8865 CVE-2018-1114 400 2018-09-11 2019-10-09
4.0
None Remote Low Single system None None Partial
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
8866 CVE-2018-1113 732 2018-07-02 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
8867 CVE-2018-1108 310 2018-05-21 2018-08-29
4.3
None Remote Medium Not required None Partial None
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
8868 CVE-2018-1106 287 Bypass 2018-04-23 2019-10-09
2.1
None Local Low Not required None Partial None
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
8869 CVE-2018-1103 20 2018-06-12 2019-10-09
4.3
None Remote Medium Not required None Partial None
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
8870 CVE-2018-1099 20 2018-04-03 2019-05-06
2.1
None Local Low Not required None Partial None
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
8871 CVE-2018-1097 200 +Info 2018-04-04 2019-10-09
4.0
None Remote Low Single system Partial None None
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
8872 CVE-2018-1096 89 Sql 2018-04-05 2019-10-09
4.0
None Remote Low Single system Partial None None
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
8873 CVE-2018-1091 119 DoS Overflow 2018-03-27 2018-05-09
4.9
None Local Low Not required None None Complete
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
8874 CVE-2018-1087 2018-05-15 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
8875 CVE-2018-1079 22 Dir. Trav. 2018-04-12 2019-10-09
4.0
None Remote Low Single system None Partial None
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
8876 CVE-2018-1075 522 2018-06-12 2019-10-09
2.1
None Local Low Not required Partial None None
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords.
8877 CVE-2018-1074 522 2018-04-26 2019-10-09
4.0
None Remote Low Single system Partial None None
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
8878 CVE-2018-1071 119 DoS Overflow 2018-03-09 2019-10-09
2.1
None Local Low Not required None None Partial
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
8879 CVE-2018-1065 476 DoS 2018-03-02 2018-10-31
4.7
None Local Medium Not required None None Complete
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
8880 CVE-2018-1063 59 2018-03-02 2018-04-11
3.3
None Local Medium Not required Partial Partial None
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
8881 CVE-2018-1062 200 +Info 2018-03-06 2019-10-09
3.5
None Remote Medium Single system Partial None None
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
8882 CVE-2018-1059 200 +Info 2018-04-24 2018-08-21
2.9
None Local Network Medium Not required Partial None None
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
8883 CVE-2018-1053 732 2018-02-09 2019-10-09
3.3
None Local Medium Not required Partial Partial None
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
8884 CVE-2018-1052 200 +Info 2018-02-09 2019-10-09
4.0
None Remote Low Single system Partial None None
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table.
8885 CVE-2018-1050 20 DoS 2018-03-13 2019-04-09
2.9
None Local Network Medium Not required None None Partial
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
8886 CVE-2018-1049 362 DoS 2018-02-16 2019-10-09
4.3
None Remote Medium Not required None None Partial
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
8887 CVE-2018-1047 22 Dir. Trav. 2018-01-24 2019-10-09
2.1
None Local Low Not required Partial None None
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
8888 CVE-2018-1045 79 XSS 2018-01-22 2018-02-05
3.5
None Remote Medium Single system None Partial None
In Moodle 3.x, there is XSS via a calendar event name.
8889 CVE-2018-1044 200 +Info 2018-01-22 2018-02-05
4.0
None Remote Low Single system Partial None None
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
8890 CVE-2018-1043 Bypass 2018-01-22 2019-10-02
4.0
None Remote Low Single system None Partial None
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
8891 CVE-2018-1042 918 2018-01-22 2019-07-27
4.0
None Remote Low Single system Partial None None
Moodle 3.x has Server Side Request Forgery in the filepicker.
8892 CVE-2018-1039 Bypass 2018-05-09 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
8893 CVE-2018-1037 200 +Info 2018-04-11 2018-05-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
8894 CVE-2018-1035 Bypass 2018-04-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
8895 CVE-2018-1034 79 XSS 2018-04-11 2019-10-02
3.5
None Remote Medium Single system None Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032.
8896 CVE-2018-1032 79 XSS 2018-04-11 2019-10-02
3.5
None Remote Medium Single system None Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034.
8897 CVE-2018-1025 200 +Info 2018-05-09 2018-06-05
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
8898 CVE-2018-1021 200 +Info 2018-05-09 2018-06-05
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.
8899 CVE-2018-1014 79 XSS 2018-04-11 2019-10-02
4.9
None Remote Medium Single system Partial Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034.
8900 CVE-2018-1007 200 +Info 2018-04-11 2018-05-16
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950.
Total number of vulnerabilities : 37928   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 (This Page)179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.