| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1002200 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
2 |
CVE-2018-1000801 |
22 |
|
Dir. Trav. |
2018-09-06 |
2018-11-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 |
|
3 |
CVE-2018-1000528 |
79 |
|
XSS |
2018-06-26 |
2018-08-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001. |
|
4 |
CVE-2018-1000199 |
388 |
|
Exec Code Mem. Corr. |
2018-05-24 |
2018-06-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. |
|
5 |
CVE-2018-1000085 |
125 |
|
|
2018-03-13 |
2018-10-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. |
|
6 |
CVE-2018-1000078 |
79 |
|
XSS |
2018-03-13 |
2018-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. |
|
7 |
CVE-2018-1000041 |
255 |
|
|
2018-02-09 |
2018-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. |
|
8 |
CVE-2018-20622 |
399 |
|
|
2018-12-31 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. |
|
9 |
CVE-2018-20584 |
119 |
|
DoS Overflow |
2018-12-30 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format, as demonstrated by 00 00 00 0c 6a 50 20 20 0d 0a 87 0a 00 00 00 14 66 74 79 70 6a 70 32 20 00 00 00 00 6a 70 32 20 00 00 00 2d 6a 70 32 68 00 00 00 16 69 68 64 72 00 00 00 20 00 00 00 20 00 03 07 07 00 00 00 00 00 0f 63 6f 6c 72 01 00 00 00 00 00 10 00 00 00 d8 6a 70 32 63 ff 4f ff 51 00 2f 00 00 00 08 00 20 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 20 00 00 00 00 00 00 00 00 00 03 07 01 01 07 01 01 07 01 01 ff 52 00 0c 00 00 00 01 01 00 04 04 00 01 ff 5c 00 04 40 40 ff 64 00 25 00 01 43 72 65 61 74 65 64 20 62 79 20 4f 70 65 6e 4a 50 45 47 20 76 65 72 73 69 6f 6e 20 32 2e 31 2e 30 ff 90 00 0a 00 00 00 00 00 60 00 01 ff 93 dc d7 00 18 80 0e 21 bf fc 2e ea b2 37 ce db f3 05 52 3f 43 2d 2b dd d7 64 c4 3d 67 ff 72 ab 35 2b f8 43 ca b3 5f ca d9 24 85 b4 59 5c 8d 25 fd 77 80 cb 78 1d 87 60 d6 f8 28 6e 8f 65 45 25 ea ff 5d bf 1a 71 13 10 a9 de e4 dd 6b 41 f7 38 dc 66 4f ff d9. |
|
10 |
CVE-2018-20570 |
125 |
|
|
2018-12-28 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. |
|
11 |
CVE-2018-20547 |
190 |
|
|
2018-12-28 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. |
|
12 |
CVE-2018-20546 |
190 |
|
|
2018-12-28 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. |
|
13 |
CVE-2018-20544 |
369 |
|
|
2018-12-28 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. |
|
14 |
CVE-2018-20431 |
476 |
|
|
2018-12-24 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. |
|
15 |
CVE-2018-20430 |
125 |
|
|
2018-12-24 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. |
|
16 |
CVE-2018-20189 |
20 |
|
DoS |
2018-12-17 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. |
|
17 |
CVE-2018-20184 |
119 |
|
DoS Overflow |
2018-12-17 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. |
|
18 |
CVE-2018-19869 |
20 |
|
|
2018-12-26 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. |
|
19 |
CVE-2018-19787 |
79 |
|
XSS |
2018-12-02 |
2018-12-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. |
|
20 |
CVE-2018-19777 |
400 |
|
|
2018-11-30 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. |
|
21 |
CVE-2018-19497 |
125 |
|
DoS |
2018-11-29 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). |
|
22 |
CVE-2018-19478 |
20 |
|
|
2019-01-02 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. |
|
23 |
CVE-2018-19206 |
79 |
|
XSS |
2018-11-12 |
2018-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. |
|
24 |
CVE-2018-19132 |
399 |
|
DoS |
2018-11-09 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. |
|
25 |
CVE-2018-18718 |
415 |
|
|
2018-10-29 |
2018-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. |
|
26 |
CVE-2018-18607 |
476 |
|
DoS |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
27 |
CVE-2018-18606 |
476 |
|
DoS |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
28 |
CVE-2018-18605 |
119 |
|
DoS Overflow |
2018-10-23 |
2018-12-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
29 |
CVE-2018-18584 |
787 |
|
|
2018-10-22 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. |
|
30 |
CVE-2018-18357 |
20 |
|
|
2018-12-11 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
|
31 |
CVE-2018-18355 |
20 |
|
|
2018-12-11 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
|
32 |
CVE-2018-18353 |
18 |
|
|
2018-12-11 |
2018-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML page. |
|
33 |
CVE-2018-18352 |
264 |
|
Bypass |
2018-12-11 |
2018-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page. |
|
34 |
CVE-2018-18351 |
20 |
|
Bypass |
2018-12-11 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page. |
|
35 |
CVE-2018-18350 |
19 |
|
Bypass |
2018-12-11 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
|
36 |
CVE-2018-18349 |
264 |
|
|
2018-12-11 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. |
|
37 |
CVE-2018-18348 |
20 |
|
|
2018-12-11 |
2018-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
|
38 |
CVE-2018-18346 |
20 |
|
|
2018-12-11 |
2018-12-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. |
|
39 |
CVE-2018-18345 |
254 |
|
Bypass |
2018-12-11 |
2018-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page. |
|
40 |
CVE-2018-18344 |
20 |
|
|
2018-12-11 |
2019-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension. |
|
41 |
CVE-2018-18088 |
476 |
|
|
2018-10-09 |
2018-11-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c |
|
42 |
CVE-2018-18073 |
200 |
|
Bypass +Info |
2018-10-15 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. |
|
43 |
CVE-2018-18065 |
476 |
|
DoS |
2018-10-08 |
2018-11-26 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
|
44 |
CVE-2018-17477 |
20 |
|
|
2018-11-14 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page. |
|
45 |
CVE-2018-17476 |
20 |
|
|
2018-11-14 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
|
46 |
CVE-2018-17475 |
20 |
|
|
2018-11-14 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
|
47 |
CVE-2018-17473 |
20 |
|
|
2018-11-14 |
2018-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. |
|
48 |
CVE-2018-17471 |
20 |
|
|
2018-11-14 |
2018-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page. |
|
49 |
CVE-2018-17470 |
119 |
|
Overflow |
2019-01-09 |
2019-01-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
|
50 |
CVE-2018-17468 |
200 |
|
+Info |
2018-11-14 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. |
