| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000808 |
404 |
|
DoS |
2018-10-08 |
2021-08-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0. |
|
2 |
CVE-2018-1000807 |
416 |
|
DoS Exec Code |
2018-10-08 |
2021-08-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. |
|
3 |
CVE-2018-1000301 |
125 |
|
DoS |
2018-05-24 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
|
4 |
CVE-2018-1000122 |
125 |
|
DoS +Info |
2018-03-14 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
|
5 |
CVE-2018-1000121 |
476 |
|
DoS |
2018-03-14 |
2019-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
|
6 |
CVE-2018-1000120 |
787 |
|
DoS Overflow |
2018-03-14 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
|
7 |
CVE-2018-18521 |
369 |
|
DoS |
2018-10-19 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. |
|
8 |
CVE-2018-18520 |
119 |
|
DoS Overflow |
2018-10-19 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. |
|
9 |
CVE-2018-18310 |
119 |
|
DoS Overflow |
2018-10-15 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. |
|
10 |
CVE-2018-16402 |
415 |
|
DoS |
2018-09-03 |
2021-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. |
|
11 |
CVE-2018-16062 |
125 |
|
DoS |
2018-08-29 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. |
|
12 |
CVE-2018-14679 |
193 |
|
DoS |
2018-07-28 |
2021-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
|
13 |
CVE-2018-14661 |
20 |
|
DoS |
2018-10-31 |
2021-11-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. |
|
14 |
CVE-2018-14659 |
400 |
|
DoS |
2018-10-31 |
2021-11-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. |
|
15 |
CVE-2018-14653 |
122 |
|
DoS Overflow |
2018-10-31 |
2021-12-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. |
|
16 |
CVE-2018-14652 |
120 |
|
DoS Overflow |
2018-10-31 |
2022-04-12 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. |
|
17 |
CVE-2018-14647 |
909 |
|
DoS |
2018-09-25 |
2020-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. |
|
18 |
CVE-2018-14646 |
476 |
|
DoS |
2018-11-26 |
2019-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. |
|
19 |
CVE-2018-14638 |
415 |
|
DoS |
2018-09-14 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. |
|
20 |
CVE-2018-13988 |
125 |
|
DoS Mem. Corr. |
2018-07-25 |
2019-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. |
|
21 |
CVE-2018-13785 |
369 |
|
DoS Overflow |
2018-07-09 |
2022-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. |
|
22 |
CVE-2018-13033 |
770 |
|
DoS |
2018-07-01 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. |
|
23 |
CVE-2018-11212 |
369 |
|
DoS |
2018-05-16 |
2022-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
|
24 |
CVE-2018-10927 |
20 |
|
DoS +Info |
2018-09-04 |
2022-04-12 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. |
|
25 |
CVE-2018-10914 |
476 |
|
DoS |
2018-09-04 |
2022-04-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. |
|
26 |
CVE-2018-10906 |
269 |
|
DoS Bypass |
2018-07-24 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. |
|
27 |
CVE-2018-10883 |
787 |
|
DoS |
2018-07-30 |
2019-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. |
|
28 |
CVE-2018-10881 |
119 |
|
DoS Overflow |
2018-07-26 |
2019-10-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. |
|
29 |
CVE-2018-10879 |
416 |
|
DoS |
2018-07-26 |
2019-10-09 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. |
|
30 |
CVE-2018-10878 |
787 |
|
DoS |
2018-07-26 |
2019-10-09 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. |
|
31 |
CVE-2018-10850 |
362 |
|
DoS |
2018-06-13 |
2019-05-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. |
|
32 |
CVE-2018-10768 |
476 |
|
DoS |
2018-05-06 |
2019-04-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. |
|
33 |
CVE-2018-10767 |
125 |
|
DoS |
2018-05-06 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. |
|
34 |
CVE-2018-10733 |
125 |
|
DoS |
2018-05-04 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. |
|
35 |
CVE-2018-10675 |
416 |
|
DoS |
2018-05-02 |
2020-07-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. |
|
36 |
CVE-2018-10535 |
476 |
|
DoS |
2018-04-29 |
2019-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. |
|
37 |
CVE-2018-10373 |
476 |
|
DoS |
2018-04-25 |
2019-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. |
|
38 |
CVE-2018-10372 |
125 |
|
DoS |
2018-04-25 |
2019-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. |
|
39 |
CVE-2018-10322 |
476 |
|
DoS |
2018-04-24 |
2020-10-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. |
|
40 |
CVE-2018-10194 |
119 |
|
DoS Overflow |
2018-04-18 |
2019-07-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
|
41 |
CVE-2018-10120 |
787 |
|
DoS Overflow |
2018-04-16 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. |
|
42 |
CVE-2018-10119 |
416 |
|
DoS |
2018-04-16 |
2019-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. |
|
43 |
CVE-2018-8945 |
20 |
|
DoS |
2018-03-22 |
2019-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. |
|
44 |
CVE-2018-7858 |
125 |
|
DoS |
2018-03-12 |
2020-11-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. |
|
45 |
CVE-2018-7740 |
119 |
|
DoS Overflow |
2018-03-07 |
2019-03-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. |
|
46 |
CVE-2018-7727 |
772 |
|
DoS |
2018-03-06 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. |
|
47 |
CVE-2018-7726 |
119 |
|
DoS Overflow |
2018-03-06 |
2020-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. |
|
48 |
CVE-2018-7725 |
119 |
|
DoS Overflow |
2018-03-06 |
2020-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. |
|
49 |
CVE-2018-7643 |
190 |
|
DoS Overflow |
2018-03-02 |
2019-10-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. |
|
50 |
CVE-2018-7642 |
476 |
|
DoS |
2018-03-02 |
2019-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. |
