Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.13%
Published
2018-05-18
Updated
2019-10-03
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
Source: MITRE
Max CVSS
9.1
EPSS Score
0.51%
Published
2018-05-24
Updated
2019-10-03
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.33%
Published
2018-05-24
Updated
2020-08-24
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-05-24
Updated
2020-08-24
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.44%
Published
2018-05-08
Updated
2020-10-26
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.60%
Published
2018-05-08
Updated
2020-10-26
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions.
Source: MITRE
Max CVSS
5.4
EPSS Score
0.05%
Published
2018-05-08
Updated
2018-06-13
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-05-08
Updated
2018-06-13
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.06%
Published
2018-05-08
Updated
2018-06-13
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-05-08
Updated
2018-06-13
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.12%
Published
2018-05-08
Updated
2018-06-13
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.
Source: MITRE
Max CVSS
7.5
EPSS Score
4.18%
Published
2018-05-08
Updated
2022-08-16
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-05-24
Updated
2019-10-03
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.22%
Published
2018-05-24
Updated
2019-03-14
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.36%
Published
2018-05-24
Updated
2019-03-14
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.43%
Published
2018-05-24
Updated
2020-08-24
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.22%
Published
2018-05-24
Updated
2019-03-14
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.10%
Published
2018-05-24
Updated
2021-12-14
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-05-31
Updated
2018-06-29
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-05-31
Updated
2018-07-02
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.09%
Published
2018-05-31
Updated
2019-10-03
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.11%
Published
2018-05-31
Updated
2019-02-26
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.11%
Published
2018-05-31
Updated
2020-08-24
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.26%
Published
2018-05-31
Updated
2019-10-03
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.17%
Published
2018-05-31
Updated
2018-06-06
1162 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!