| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-20185 | 125 | | DoS | 2018-12-17 | 2019-01-08 | 2.6 | None | Remote | High | Not required | None | None | Partial | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
| 2 | CVE-2018-19489 | 362 | | DoS | 2018-12-13 | 2019-01-04 | 2.1 | None | Local | Low | Not required | None | None | Partial | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. |
| 3 | CVE-2018-18358 | 20 | | | 2018-12-11 | 2019-01-02 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file. |
| 4 | CVE-2018-15594 | 254 | | | 2018-08-20 | 2018-10-26 | 2.1 | None | Local | Low | Not required | Partial | None | None | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. |
| 5 | CVE-2018-15572 | 254 | | | 2018-08-19 | 2018-10-31 | 2.1 | None | Local | Low | Not required | Partial | None | None | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. |
| 6 | CVE-2018-12893 | 264 | | DoS | 2018-07-02 | 2018-11-13 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users. |
| 7 | CVE-2018-12383 | 200 | | +Info | 2018-10-18 | 2018-12-04 | 2.1 | None | Local | Low | Not required | Partial | None | None | If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. |
| 8 | CVE-2018-8754 | 125 | | | 2018-03-17 | 2018-08-31 | 2.1 | None | Local | Low | Not required | None | None | Partial | ** DISPUTED ** The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub. |
| 9 | CVE-2018-1106 | 287 | | Bypass | 2018-04-23 | 2018-07-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system. |
| 10 | CVE-2018-1050 | 20 | | DoS | 2018-03-13 | 2018-11-30 | 2.9 | None | Local Network | Medium | Not required | None | None | Partial | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. |
| 11 | CVE-2017-17864 | 200 | | +Info | 2017-12-27 | 2018-01-12 | 2.1 | None | Local | Low | Not required | Partial | None | None | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." |
| 12 | CVE-2017-17741 | 125 | | +Info | 2017-12-18 | 2018-04-24 | 2.1 | None | Local | Low | Not required | Partial | None | None | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. |
| 13 | CVE-2017-16611 | 254 | | | 2017-12-01 | 2018-01-09 | 2.1 | None | Local | Low | Not required | None | None | Partial | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. |
| 14 | CVE-2017-15417 | 119 | | Overflow | 2018-08-28 | 2018-11-07 | 2.6 | None | Remote | High | Not required | Partial | None | None | Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| 15 | CVE-2017-13088 | 254 | | | 2017-10-17 | 2018-07-18 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
| 16 | CVE-2017-13087 | 254 | | | 2017-10-17 | 2018-05-16 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
| 17 | CVE-2017-13081 | 254 | | | 2017-10-17 | 2018-11-13 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| 18 | CVE-2017-13080 | 254 | | | 2017-10-17 | 2018-11-13 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| 19 | CVE-2017-13079 | 254 | | | 2017-10-17 | 2018-11-13 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| 20 | CVE-2017-13078 | 254 | | | 2017-10-17 | 2018-11-13 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| 21 | CVE-2017-5081 | 20 | | | 2017-10-27 | 2018-01-04 | 2.1 | None | Local | Low | Not required | None | Partial | None | Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. |
| 22 | CVE-2017-0365 | 79 | | XSS | 2018-04-13 | 2018-05-14 | 2.6 | None | Remote | High | Not required | None | Partial | None | MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. |
| 23 | CVE-2017-0361 | 200 | | +Info | 2018-04-13 | 2018-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. |
| 24 | CVE-2016-9963 | 320 | | | 2017-02-01 | 2017-02-15 | 2.6 | None | Remote | High | Not required | Partial | None | None | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. |
| 25 | CVE-2016-7056 | 320 | | | 2018-09-10 | 2019-01-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. |
| 26 | CVE-2016-5293 | 20 | | | 2018-06-11 | 2018-07-30 | 2.1 | None | Local | Low | Not required | None | Partial | None | When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. |
| 27 | CVE-2016-3712 | | | DoS Overflow | 2016-05-11 | 2018-01-04 | 2.1 | None | Local | Low | Not required | None | None | Partial | Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. |
| 28 | CVE-2016-2057 | 264 | | | 2016-04-13 | 2018-10-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. |
| 29 | CVE-2016-1693 | 284 | | | 2016-06-05 | 2018-10-30 | 2.6 | None | Remote | High | Not required | None | Partial | None | browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. |
| 30 | CVE-2016-1670 | 362 | | | 2016-05-14 | 2018-10-30 | 2.6 | None | Remote | High | Not required | None | Partial | None | Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. |
| 31 | CVE-2015-8035 | 399 | | DoS | 2015-11-18 | 2017-09-13 | 2.6 | None | Remote | High | Not required | None | None | Partial | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. |
| 32 | CVE-2015-4171 | 200 | | +Info | 2015-06-10 | 2017-11-07 | 2.6 | None | Remote | High | Not required | Partial | None | None | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. |
| 33 | CVE-2015-3340 | 200 | | +Info | 2015-04-28 | 2018-10-30 | 2.9 | None | Local Network | Medium | Not required | Partial | None | None | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. |
| 34 | CVE-2015-2157 | 200 | | +Info | 2015-03-27 | 2018-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. |
| 35 | CVE-2015-2047 | 287 | | Bypass | 2015-02-23 | 2016-11-29 | 2.6 | None | Remote | High | Not required | None | Partial | None | The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is cast to an empty value. |
| 36 | CVE-2015-2045 | 200 | | +Info | 2015-03-12 | 2018-10-30 | 2.1 | None | Local | Low | Not required | Partial | None | None | The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. |
| 37 | CVE-2015-0858 | 59 | | | 2016-05-06 | 2016-05-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. |
| 38 | CVE-2015-0418 | | | | 2015-01-21 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377. |
| 39 | CVE-2014-9269 | 79 | | XSS | 2015-01-09 | 2017-01-02 | 2.6 | None | Remote | High | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. |
| 40 | CVE-2014-7824 | 399 | | DoS | 2014-11-18 | 2017-09-07 | 2.1 | None | Local | Low | Not required | None | None | Partial | D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1. |
| 41 | CVE-2014-5270 | 200 | | +Info | 2014-10-09 | 2017-11-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. |
| 42 | CVE-2014-5240 | 79 | | XSS | 2014-08-18 | 2015-11-25 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. |
| 43 | CVE-2014-3640 | 476 | | DoS | 2014-11-07 | 2017-11-03 | 2.1 | None | Local | Low | Not required | None | None | Partial | The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and address, which triggers access of an uninitialized socket. |
| 44 | CVE-2014-3533 | 20 | | DoS | 2014-07-19 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. |
| 45 | CVE-2014-3532 | 20 | | DoS | 2014-07-19 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial | dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. |
| 46 | CVE-2014-2079 | 264 | | Bypass | 2018-07-16 | 2018-09-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. |
| 47 | CVE-2013-7458 | 200 | | +Info | 2016-08-10 | 2018-08-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. |
| 48 | CVE-2013-7421 | 264 | | | 2015-03-02 | 2018-01-04 | 2.1 | None | Local | Low | Not required | None | Partial | None | The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. |
| 49 | CVE-2013-5724 | 264 | | | 2013-09-12 | 2013-09-23 | 2.1 | None | Local | Low | Not required | None | Partial | None | Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. |
| 50 | CVE-2013-4969 | 59 | | | 2014-01-07 | 2018-12-13 | 2.1 | None | Local | Low | Not required | None | Partial | None | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. |