| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-14638 |
415 |
|
DoS |
2018-09-14 |
2018-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. |
|
2 |
CVE-2018-14624 |
20 |
|
|
2018-09-06 |
2018-11-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. |
|
3 |
CVE-2018-14348 |
200 |
|
+Info |
2018-08-14 |
2018-10-12 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. |
|
4 |
CVE-2018-10852 |
200 |
|
+Info |
2018-06-26 |
2018-10-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. |
|
5 |
CVE-2018-7262 |
476 |
|
DoS |
2018-03-19 |
2018-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. |
|
6 |
CVE-2018-6003 |
399 |
|
|
2018-01-22 |
2018-02-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. |
|
7 |
CVE-2018-5730 |
90 |
|
|
2018-03-06 |
2018-11-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. |
|
8 |
CVE-2018-1089 |
20 |
|
DoS Overflow |
2018-05-09 |
2018-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. |
|
9 |
CVE-2018-1054 |
125 |
|
DoS |
2018-03-07 |
2018-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. |
|
10 |
CVE-2017-1002150 |
601 |
|
CSRF |
2017-09-14 |
2017-09-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection |
|
11 |
CVE-2017-1000001 |
20 |
|
|
2017-07-17 |
2017-07-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. |
|
12 |
CVE-2017-15134 |
119 |
|
DoS Overflow |
2018-03-01 |
2018-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. |
|
13 |
CVE-2017-13704 |
20 |
|
|
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. |
|
14 |
CVE-2017-7551 |
640 |
|
|
2017-08-16 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. |
|
15 |
CVE-2017-6362 |
415 |
|
DoS |
2017-09-07 |
2017-09-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
|
16 |
CVE-2017-5357 |
416 |
|
DoS |
2017-02-16 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. |
|
17 |
CVE-2017-2591 |
125 |
|
|
2018-04-30 |
2018-06-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. |
|
18 |
CVE-2016-10132 |
476 |
|
DoS |
2017-03-24 |
2017-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. |
|
19 |
CVE-2016-9956 |
284 |
|
|
2017-02-22 |
2017-02-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. |
|
20 |
CVE-2016-9243 |
20 |
|
|
2017-03-27 |
2017-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
|
21 |
CVE-2016-9108 |
190 |
|
DoS Overflow |
2017-02-03 |
2017-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. |
|
22 |
CVE-2016-8605 |
275 |
|
|
2017-01-12 |
2017-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. |
|
23 |
CVE-2016-7972 |
399 |
|
DoS |
2017-03-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. |
|
24 |
CVE-2016-7970 |
119 |
|
DoS Overflow |
2017-03-03 |
2017-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors. |
|
25 |
CVE-2016-7969 |
125 |
|
DoS |
2017-03-03 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." |
|
26 |
CVE-2016-7952 |
20 |
|
DoS |
2016-12-13 |
2016-12-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. |
|
27 |
CVE-2016-7946 |
284 |
|
DoS |
2016-12-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. |
|
28 |
CVE-2016-7945 |
125 |
|
DoS Overflow |
2016-12-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. |
|
29 |
CVE-2016-6866 |
476 |
|
Bypass |
2017-02-15 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. |
|
30 |
CVE-2016-6855 |
787 |
|
DoS |
2016-09-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. |
|
31 |
CVE-2016-6342 |
284 |
|
|
2017-06-27 |
2017-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
elog 3.1.1 allows remote attackers to post data as any username in the logbook. |
|
32 |
CVE-2016-6323 |
284 |
|
DoS |
2016-10-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. |
|
33 |
CVE-2016-5391 |
476 |
|
DoS |
2017-06-13 |
2017-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). |
|
34 |
CVE-2016-5387 |
284 |
|
|
2016-07-18 |
2018-01-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
|
35 |
CVE-2016-5385 |
284 |
|
|
2016-07-18 |
2018-01-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. |
|
36 |
CVE-2016-5244 |
200 |
|
+Info |
2016-06-27 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. |
|
37 |
CVE-2016-4414 |
|
|
DoS |
2016-06-13 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. |
|
38 |
CVE-2016-3959 |
20 |
|
DoS |
2016-05-23 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries. |
|
39 |
CVE-2016-3704 |
255 |
|
|
2017-06-13 |
2018-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. |
|
40 |
CVE-2016-3674 |
200 |
|
+Info |
2016-05-17 |
2018-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document. |
|
41 |
CVE-2016-3125 |
254 |
|
|
2016-04-05 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. |
|
42 |
CVE-2016-3075 |
119 |
|
DoS Overflow |
2016-06-01 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. |
|
43 |
CVE-2016-3071 |
20 |
|
DoS |
2016-04-18 |
2017-02-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. |
|
44 |
CVE-2016-2850 |
20 |
|
|
2016-05-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. |
|
45 |
CVE-2016-2849 |
200 |
|
+Info |
2016-05-13 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. |
|
46 |
CVE-2016-2166 |
200 |
|
+Info |
2016-04-12 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. |
|
47 |
CVE-2016-2146 |
119 |
|
DoS Overflow |
2016-04-15 |
2016-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. |
|
48 |
CVE-2016-2145 |
20 |
|
DoS |
2016-04-15 |
2016-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. |
|
49 |
CVE-2016-2086 |
20 |
|
|
2016-04-07 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. |
|
50 |
CVE-2016-2044 |
200 |
|
+Info |
2016-02-19 |
2016-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
