| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000164 |
93 |
|
|
2018-04-18 |
2018-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. |
|
2 |
CVE-2018-1000156 |
20 |
|
Exec Code |
2018-04-06 |
2018-05-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. |
|
3 |
CVE-2018-1000140 |
119 |
|
Exec Code Overflow |
2018-03-23 |
2018-05-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. |
|
4 |
CVE-2018-1000132 |
284 |
|
|
2018-03-14 |
2018-04-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. |
|
5 |
CVE-2018-1000127 |
190 |
|
Overflow |
2018-03-13 |
2018-04-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. |
|
6 |
CVE-2018-1000122 |
119 |
|
DoS Overflow +Info |
2018-03-14 |
2018-05-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
|
7 |
CVE-2018-1000121 |
476 |
|
DoS |
2018-03-14 |
2018-05-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
|
8 |
CVE-2018-1000120 |
787 |
|
DoS Overflow |
2018-03-14 |
2018-05-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
|
9 |
CVE-2018-1000116 |
119 |
|
Exec Code Overflow |
2018-03-07 |
2018-03-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. |
|
10 |
CVE-2018-1000097 |
119 |
|
Exec Code Overflow |
2018-03-12 |
2018-04-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.. |
|
11 |
CVE-2018-1000085 |
125 |
|
|
2018-03-13 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. |
|
12 |
CVE-2018-1000078 |
79 |
|
XSS |
2018-03-13 |
2018-04-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. |
|
13 |
CVE-2018-1000077 |
20 |
|
|
2018-03-13 |
2018-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. |
|
14 |
CVE-2018-1000076 |
347 |
|
|
2018-03-13 |
2018-04-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. |
|
15 |
CVE-2018-1000075 |
400 |
|
|
2018-03-13 |
2018-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. |
|
16 |
CVE-2018-1000041 |
255 |
|
|
2018-02-09 |
2018-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. |
|
17 |
CVE-2018-1000027 |
476 |
|
DoS |
2018-02-09 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
18 |
CVE-2018-1000024 |
19 |
|
DoS |
2018-02-09 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
19 |
CVE-2018-1000007 |
200 |
|
+Info |
2018-01-24 |
2018-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequest hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. |
|
20 |
CVE-2018-1000005 |
125 |
|
|
2018-01-24 |
2018-03-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. |
|
21 |
CVE-2018-10194 |
119 |
|
DoS Overflow |
2018-04-18 |
2018-05-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
|
22 |
CVE-2018-10120 |
119 |
|
DoS Overflow |
2018-04-16 |
2018-05-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. |
|
23 |
CVE-2018-10119 |
416 |
|
DoS |
2018-04-16 |
2018-05-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. |
|
24 |
CVE-2018-10102 |
79 |
|
XSS |
2018-04-16 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. |
|
25 |
CVE-2018-10101 |
601 |
|
|
2018-04-16 |
2018-05-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. |
|
26 |
CVE-2018-10100 |
601 |
|
|
2018-04-16 |
2018-05-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. |
|
27 |
CVE-2018-9846 |
20 |
|
|
2018-04-07 |
2018-05-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. |
|
28 |
CVE-2018-9018 |
369 |
|
DoS |
2018-03-25 |
2018-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
|
29 |
CVE-2018-8828 |
119 |
|
Overflow |
2018-03-20 |
2018-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. |
|
30 |
CVE-2018-8780 |
22 |
|
Dir. Trav. |
2018-04-03 |
2018-05-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. |
|
31 |
CVE-2018-8779 |
20 |
|
|
2018-04-03 |
2018-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. |
|
32 |
CVE-2018-8778 |
200 |
|
+Info |
2018-04-03 |
2018-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. |
|
33 |
CVE-2018-8777 |
399 |
|
DoS |
2018-04-03 |
2018-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). |
|
34 |
CVE-2018-8764 |
352 |
|
CSRF |
2018-03-27 |
2018-04-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. |
|
35 |
CVE-2018-8763 |
79 |
|
XSS |
2018-03-27 |
2018-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. |
|
36 |
CVE-2018-8754 |
119 |
|
Overflow |
2018-03-17 |
2018-04-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. |
|
37 |
CVE-2018-8741 |
22 |
|
Dir. Trav. |
2018-03-17 |
2018-04-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php. |
|
38 |
CVE-2018-8048 |
79 |
|
XSS |
2018-03-27 |
2018-04-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. |
|
39 |
CVE-2018-7998 |
362 |
|
DoS |
2018-03-09 |
2018-03-27 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. |
|
40 |
CVE-2018-7877 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack. |
|
41 |
CVE-2018-7876 |
399 |
|
DoS |
2018-03-08 |
2018-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. |
|
42 |
CVE-2018-7875 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. |
|
43 |
CVE-2018-7874 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
|
44 |
CVE-2018-7873 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. |
|
45 |
CVE-2018-7872 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
|
46 |
CVE-2018-7871 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. |
|
47 |
CVE-2018-7870 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. |
|
48 |
CVE-2018-7869 |
399 |
|
DoS |
2018-03-08 |
2018-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack. |
|
49 |
CVE-2018-7868 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. |
|
50 |
CVE-2018-7867 |
119 |
|
DoS Overflow |
2018-03-08 |
2018-04-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack. |
