| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-10846 |
310 |
|
|
2018-08-22 |
2018-11-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. |
|
2 |
CVE-2018-10545 |
200 |
|
Bypass +Info |
2018-04-29 |
2018-12-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. |
|
3 |
CVE-2018-10472 |
200 |
|
+Info |
2018-04-27 |
2018-10-31 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot. |
|
4 |
CVE-2018-2773 |
284 |
|
|
2018-04-18 |
2018-11-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
5 |
CVE-2018-0498 |
310 |
|
|
2018-07-28 |
2018-09-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. |
|
6 |
CVE-2018-0495 |
200 |
|
+Info |
2018-06-13 |
2018-11-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
7 |
CVE-2017-13721 |
264 |
|
|
2017-10-09 |
2017-11-05 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. |
|
8 |
CVE-2017-2624 |
200 |
|
+Info |
2018-07-27 |
2018-10-02 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. |
|
9 |
CVE-2016-6130 |
362 |
|
+Info |
2016-07-03 |
2016-11-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. |
|
10 |
CVE-2016-0668 |
|
|
|
2016-04-21 |
2018-10-30 |
1.7 |
None |
Remote |
High |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. |
|
11 |
CVE-2016-0609 |
|
|
|
2016-01-20 |
2018-10-30 |
1.7 |
None |
Remote |
High |
Multiple systems |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. |
|
12 |
CVE-2015-8552 |
20 |
|
DoS |
2016-04-13 |
2017-11-03 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." |
|
13 |
CVE-2015-7511 |
200 |
|
+Info |
2016-04-19 |
2017-06-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. |
|
14 |
CVE-2015-2830 |
264 |
|
Bypass |
2015-05-27 |
2018-01-04 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. |
|
15 |
CVE-2015-1420 |
362 |
|
Bypass |
2015-03-16 |
2016-12-27 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function. |
|
16 |
CVE-2014-8595 |
17 |
|
DoS +Priv |
2014-11-19 |
2018-10-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. |
|
17 |
CVE-2013-4242 |
200 |
|
+Info |
2013-08-19 |
2018-10-30 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. |
|
18 |
CVE-2010-3310 |
189 |
|
DoS Mem. Corr. |
2010-09-29 |
2018-11-27 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. |
|
19 |
CVE-2006-6614 |
|
|
|
2006-12-17 |
2017-07-28 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. |
|
20 |
CVE-2006-0050 |
|
|
|
2006-03-23 |
2017-07-19 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
|
21 |
CVE-2001-1331 |
|
|
|
2001-05-03 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. |
|
22 |
CVE-2001-0139 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
|
23 |
CVE-2001-0138 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. |
|
24 |
CVE-2001-0125 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. |
