| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000671 |
601 |
|
XSS |
2018-09-06 |
2018-11-02 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. |
|
2 |
CVE-2018-1000180 |
310 |
|
|
2018-06-05 |
2018-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. |
|
3 |
CVE-2018-1000179 |
476 |
|
DoS |
2018-05-08 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. |
|
4 |
CVE-2018-1000164 |
93 |
|
|
2018-04-18 |
2018-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. |
|
5 |
CVE-2018-1000127 |
190 |
|
Overflow |
2018-03-13 |
2018-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. |
|
6 |
CVE-2018-1000121 |
476 |
|
DoS |
2018-03-14 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
|
7 |
CVE-2018-1000077 |
20 |
|
|
2018-03-13 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. |
|
8 |
CVE-2018-1000075 |
400 |
|
|
2018-03-13 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. |
|
9 |
CVE-2018-1000027 |
476 |
|
DoS |
2018-02-09 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
10 |
CVE-2018-1000024 |
19 |
|
DoS |
2018-02-09 |
2018-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
11 |
CVE-2018-1000007 |
200 |
|
+Info |
2018-01-24 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. |
|
12 |
CVE-2018-17962 |
119 |
|
Overflow |
2018-10-09 |
2018-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. |
|
13 |
CVE-2018-17540 |
119 |
|
Overflow |
2018-10-03 |
2018-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. |
|
14 |
CVE-2018-16949 |
400 |
|
|
2018-09-11 |
2018-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values and consume server resources waiting for those inputs, denying service to other valid connections. |
|
15 |
CVE-2018-16948 |
200 |
|
+Info |
2018-09-11 |
2018-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several RPC server routines did not fully initialize their output variables before returning, leaking memory contents from both the stack and the heap. Because the OpenAFS cache manager functions as an Rx server for the AFSCB service, clients are also susceptible to information leakage. For example, RXAFSCB_TellMeAboutYourself leaks kernel memory and KAM_ListEntry leaks kaserver memory. |
|
16 |
CVE-2018-16587 |
20 |
|
|
2018-09-27 |
2018-11-21 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. |
|
17 |
CVE-2018-16058 |
74 |
|
|
2018-08-29 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure. |
|
18 |
CVE-2018-16057 |
74 |
|
|
2018-08-29 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations. |
|
19 |
CVE-2018-16056 |
74 |
|
|
2018-08-29 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists. |
|
20 |
CVE-2018-15599 |
200 |
|
+Info |
2018-08-20 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. |
|
21 |
CVE-2018-15501 |
125 |
|
|
2018-08-17 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. |
|
22 |
CVE-2018-15473 |
200 |
|
+Info |
2018-08-17 |
2018-12-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. |
|
23 |
CVE-2018-14912 |
22 |
|
Dir. Trav. |
2018-08-03 |
2018-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. |
|
24 |
CVE-2018-14883 |
190 |
|
Overflow |
2018-08-03 |
2018-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. |
|
25 |
CVE-2018-14624 |
20 |
|
|
2018-09-06 |
2018-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. |
|
26 |
CVE-2018-14622 |
769 |
|
|
2018-08-30 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. |
|
27 |
CVE-2018-14598 |
20 |
|
Overflow |
2018-08-24 |
2018-11-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
|
28 |
CVE-2018-14574 |
601 |
|
|
2018-08-03 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. |
|
29 |
CVE-2018-14404 |
476 |
|
DoS |
2018-07-19 |
2018-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. |
|
30 |
CVE-2018-14369 |
20 |
|
|
2018-07-18 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. |
|
31 |
CVE-2018-14363 |
19 |
|
|
2018-07-17 |
2018-09-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. |
|
32 |
CVE-2018-14355 |
22 |
|
Dir. Trav. |
2018-07-17 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. |
|
33 |
CVE-2018-14348 |
200 |
|
+Info |
2018-08-14 |
2018-10-12 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. |
|
34 |
CVE-2018-14343 |
190 |
|
|
2018-07-18 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. |
|
35 |
CVE-2018-14340 |
125 |
|
|
2018-07-18 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. |
|
36 |
CVE-2018-14339 |
119 |
|
Overflow |
2018-07-18 |
2018-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. |
|
37 |
CVE-2018-14056 |
22 |
|
Dir. Trav. |
2018-07-14 |
2018-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. |
|
38 |
CVE-2018-13054 |
59 |
|
|
2018-07-02 |
2018-09-04 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content. |
|
39 |
CVE-2018-12386 |
704 |
|
Exec Code |
2018-10-18 |
2018-12-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. |
|
40 |
CVE-2018-12020 |
19 |
|
|
2018-06-08 |
2018-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
|
41 |
CVE-2018-10927 |
20 |
|
DoS +Info |
2018-09-04 |
2018-11-06 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. |
|
42 |
CVE-2018-10925 |
285 |
|
|
2018-08-09 |
2018-10-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. |
|
43 |
CVE-2018-10923 |
20 |
|
|
2018-09-04 |
2018-11-14 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. |
|
44 |
CVE-2018-10911 |
502 |
|
|
2018-09-04 |
2018-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. |
|
45 |
CVE-2018-10887 |
125 |
|
DoS Overflow |
2018-07-10 |
2018-09-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. |
|
46 |
CVE-2018-10859 |
200 |
|
+Info |
2018-07-16 |
2018-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex |
|
47 |
CVE-2018-10857 |
200 |
|
+Info |
2018-07-16 |
2018-09-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. |
|
48 |
CVE-2018-10852 |
200 |
|
+Info |
2018-06-26 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. |
|
49 |
CVE-2018-10811 |
665 |
|
DoS |
2018-06-19 |
2018-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. |
|
50 |
CVE-2018-10583 |
200 |
|
+Info |
2018-05-01 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. |
