| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1002200 |
22 |
|
Dir. Trav. |
2018-07-25 |
2018-09-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. |
|
2 |
CVE-2018-1002105 |
388 |
|
|
2018-12-05 |
2018-12-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. |
|
3 |
CVE-2018-1000199 |
388 |
|
Exec Code Mem. Corr. |
2018-05-24 |
2018-06-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. |
|
4 |
CVE-2018-1000156 |
20 |
|
Exec Code |
2018-04-06 |
2018-06-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. |
|
5 |
CVE-2018-19139 |
399 |
|
|
2018-11-09 |
2018-12-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. |
|
6 |
CVE-2018-18751 |
415 |
|
|
2018-10-29 |
2018-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. |
|
7 |
CVE-2018-18438 |
190 |
|
Overflow |
2018-10-19 |
2018-12-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. |
|
8 |
CVE-2018-17962 |
119 |
|
Overflow |
2018-10-09 |
2018-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. |
|
9 |
CVE-2018-16542 |
388 |
|
|
2018-09-05 |
2018-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. |
|
10 |
CVE-2018-16540 |
416 |
|
|
2018-09-05 |
2018-11-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. |
|
11 |
CVE-2018-16509 |
264 |
|
Exec Code |
2018-09-05 |
2018-12-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. |
|
12 |
CVE-2018-16435 |
190 |
|
Overflow |
2018-09-03 |
2018-11-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. |
|
13 |
CVE-2018-15967 |
264 |
|
|
2018-09-25 |
2018-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. |
|
14 |
CVE-2018-15910 |
704 |
|
Exec Code |
2018-08-27 |
2018-11-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. |
|
15 |
CVE-2018-15908 |
254 |
|
Bypass |
2018-08-27 |
2018-11-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. |
|
16 |
CVE-2018-15688 |
119 |
|
Overflow |
2018-10-26 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. |
|
17 |
CVE-2018-14659 |
400 |
|
DoS |
2018-10-31 |
2018-12-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. |
|
18 |
CVE-2018-14651 |
59 |
|
DoS Exec Code |
2018-10-31 |
2018-12-11 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. |
|
19 |
CVE-2018-14648 |
399 |
|
DoS |
2018-09-28 |
2018-11-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. |
|
20 |
CVE-2018-14645 |
125 |
|
DoS |
2018-09-21 |
2018-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. |
|
21 |
CVE-2018-14642 |
200 |
|
+Info |
2018-09-18 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests. |
|
22 |
CVE-2018-14638 |
415 |
|
DoS |
2018-09-14 |
2018-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. |
|
23 |
CVE-2018-14635 |
20 |
|
DoS Bypass |
2018-09-10 |
2018-12-06 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. |
|
24 |
CVE-2018-14634 |
190 |
|
Overflow |
2018-09-25 |
2018-11-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. |
|
25 |
CVE-2018-14624 |
20 |
|
|
2018-09-06 |
2018-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. |
|
26 |
CVE-2018-14622 |
769 |
|
|
2018-08-30 |
2018-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. |
|
27 |
CVE-2018-14620 |
20 |
|
|
2018-09-10 |
2018-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable. |
|
28 |
CVE-2018-14432 |
200 |
|
Bypass +Info |
2018-07-31 |
2018-10-12 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. |
|
29 |
CVE-2018-14362 |
119 |
|
Overflow |
2018-07-17 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. |
|
30 |
CVE-2018-14357 |
77 |
|
Exec Code |
2018-07-17 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. |
|
31 |
CVE-2018-14354 |
77 |
|
Exec Code |
2018-07-17 |
2018-10-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. |
|
32 |
CVE-2018-12828 |
264 |
|
|
2018-08-29 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. |
|
33 |
CVE-2018-12827 |
125 |
|
|
2018-08-29 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
|
34 |
CVE-2018-12826 |
125 |
|
|
2018-08-29 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
|
35 |
CVE-2018-12825 |
254 |
|
Bypass |
2018-08-29 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. |
|
36 |
CVE-2018-12824 |
125 |
|
|
2018-08-29 |
2018-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
|
37 |
CVE-2018-12533 |
94 |
|
Exec Code |
2018-06-18 |
2018-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. |
|
38 |
CVE-2018-12532 |
94 |
|
Exec Code |
2018-06-18 |
2018-08-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. |
|
39 |
CVE-2018-12387 |
20 |
|
|
2018-10-18 |
2018-12-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. |
|
40 |
CVE-2018-12386 |
704 |
|
Exec Code |
2018-10-18 |
2018-12-06 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. |
|
41 |
CVE-2018-12385 |
20 |
|
|
2018-10-18 |
2018-12-06 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. |
|
42 |
CVE-2018-12383 |
200 |
|
+Info |
2018-10-18 |
2018-12-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. |
|
43 |
CVE-2018-12379 |
787 |
|
|
2018-10-18 |
2018-12-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. |
|
44 |
CVE-2018-12378 |
416 |
|
|
2018-10-18 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. |
|
45 |
CVE-2018-12377 |
416 |
|
|
2018-10-18 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. |
|
46 |
CVE-2018-12376 |
119 |
|
Overflow Mem. Corr. |
2018-10-18 |
2018-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. |
|
47 |
CVE-2018-12366 |
125 |
|
|
2018-10-18 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
|
48 |
CVE-2018-12365 |
200 |
|
+Info |
2018-10-18 |
2018-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
|
49 |
CVE-2018-12364 |
352 |
|
Bypass CSRF |
2018-10-18 |
2018-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
|
50 |
CVE-2018-12363 |
416 |
|
|
2018-10-18 |
2018-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. |
