CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1002100 2018-06-01 2018-06-01
0.0
None ??? ??? ??? ??? ??? ???
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
2 CVE-2018-1000400 2018-05-18 2018-05-25
0.0
None ??? ??? ??? ??? ??? ???
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
3 CVE-2018-1000301 DoS 2018-05-24 2018-05-25
0.0
None ??? ??? ??? ??? ??? ???
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
4 CVE-2018-1000300 DoS Overflow 2018-05-24 2018-05-25
0.0
None ??? ??? ??? ??? ??? ???
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
5 CVE-2018-1000203 2018-06-06 2018-06-06
0.0
None ??? ??? ??? ??? ??? ???
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.
6 CVE-2018-1000202 XSS 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions.
7 CVE-2018-1000200 2018-06-05 2018-06-07
0.0
None ??? ??? ??? ??? ??? ???
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exit_mmap(), which calls munlock_vma_pages_all() for mlocked vmas.This can happen synchronously with the oom reaper's unmap_page_range() since the vma's VM_LOCKED bit is cleared before munlocking (to determine if any other vmas share the memory and are mlocked).
8 CVE-2018-1000199 Exec Code Mem. Corr. 2018-05-24 2018-05-29
0.0
None ??? ??? ??? ??? ??? ???
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
9 CVE-2018-1000198 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make Jenkins process XML eternal entities in an XML document.
10 CVE-2018-1000197 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
11 CVE-2018-1000196 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.
12 CVE-2018-1000195 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not.
13 CVE-2018-1000194 Bypass 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
14 CVE-2018-1000193 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI.
15 CVE-2018-1000192 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins.
16 CVE-2018-1000191 +Info 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
17 CVE-2018-1000190 +Info 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
18 CVE-2018-1000189 Exec Code 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.
19 CVE-2018-1000188 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
20 CVE-2018-1000187 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs.
21 CVE-2018-1000186 +Info 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
22 CVE-2018-1000185 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
23 CVE-2018-1000184 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
24 CVE-2018-1000183 +Info 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
25 CVE-2018-1000182 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.
26 CVE-2018-1000181 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure.
27 CVE-2018-1000180 2018-06-05 2018-06-05
0.0
None ??? ??? ??? ??? ??? ???
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
28 CVE-2018-1000155 DoS 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
29 CVE-2018-1000128 Exec Code Overflow 2018-03-13 2018-03-13
0.0
None ??? ??? ??? ??? ??? ???
GPAC MP4Box version prior to commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4 contains a Buffer Overflow vulnerability in src/media_tools/av_parsers.c, lines 2387-2388: https://github.com/gpac/gpac/blob/84c4e606a1f906cd4b07ad94d19cea2b668f64ad/src/media_tools/av_parsers.c#L2387-L2388 that can result in may allow an attacker to achieve remote code execution. This attack appear to be exploitable via The victim must open a specially crafted MP4 file. This vulnerability appears to have been fixed in after commit 90dc7f853d31b0a4e9441cba97feccf36d8b69a4.
30 CVE-2018-1000040 DoS 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
31 CVE-2018-1000039 DoS Exec Code 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
32 CVE-2018-1000038 Exec Code Overflow 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
33 CVE-2018-1000037 DoS 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
34 CVE-2018-1000036 DoS 2018-05-24 2018-05-24
0.0
None ??? ??? ??? ??? ??? ???
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
35 CVE-2018-1000016 XSS 2018-01-23 2018-01-23
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Ant Plugin 1.7 and earlier failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators.
36 CVE-2018-12534 Sql 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress.
37 CVE-2018-12533 Exec Code 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
38 CVE-2018-12532 Exec Code 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
39 CVE-2018-12531 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into config_db.php, a different vulnerability than CVE-2018-7271.
40 CVE-2018-12530 Dir. Trav. CSRF 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.
41 CVE-2018-12525 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
42 CVE-2018-12524 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
43 CVE-2018-12523 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
44 CVE-2018-12522 2018-06-18 2018-06-18
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
45 CVE-2018-12504 2018-06-16 2018-06-16
0.0
None ??? ??? ??? ??? ??? ???
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h.
46 CVE-2018-12503 2018-06-16 2018-06-16
0.0
None ??? ??? ??? ??? ??? ???
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h.
47 CVE-2018-12501 XSS 2018-06-16 2018-06-16
0.0
None ??? ??? ??? ??? ??? ???
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
48 CVE-2018-12498 Sql 2018-06-15 2018-06-15
0.0
None ??? ??? ??? ??? ??? ???
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
49 CVE-2018-12495 DoS 2018-06-15 2018-06-15
0.0
None ??? ??? ??? ??? ??? ???
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
50 CVE-2018-12494 Dir. Trav. 2018-06-15 2018-06-15
0.0
None ??? ??? ??? ??? ??? ???
An issue discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.
Total number of vulnerabilities : 1974   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.