CVE-2018-1002150 CVSS:7.5
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. (Last Update:2018-05-18) (Publish Update:2018-04-04)
CVE-2018-1002100 CVSS:3.6
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. (Last Update:2018-07-03) (Publish Update:2018-06-01)
CVE-2018-1000623 CVSS:0.0
JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known "Zip Slip" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000622 CVSS:0.0
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000621 CVSS:0.0
Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorrect Access Control vulnerability in Websocket configuration that can result in code execution. This impacts ONLY the Mycroft for Linux and "non-enclosure" installs - Mark 1 and Picroft unaffected. This attack appear to be exploitable remote access to the unsecured websocket server. This vulnerability appears to have been fixed in No fix currently available. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000620 CVSS:0.0
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000619 CVSS:0.0
Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input vulnerability in utilit.php, bab_getAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appear to be exploitable via The attacker must have permission to upload addons. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000618 CVSS:0.0
EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d . (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000617 CVSS:0.0
Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack). (Last Update:2018-07-12) (Publish Update:2018-07-09)
CVE-2018-1000616 CVSS:0.0
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000615 CVSS:0.0
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000614 CVSS:0.0
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000613 CVSS:0.0
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs version prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.. This vulnerability appears to have been fixed in 1.60 and later. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000611 CVSS:0.0
SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appear to be exploitable via the victim opening a specially crafted URL. (Last Update:2018-07-09) (Publish Update:2018-07-09)
CVE-2018-1000610 CVSS:0.0
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin. (Last Update:2018-06-26) (Publish Update:2018-06-26)
CVE-2018-1000609 CVSS:0.0
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to obtain the YAML export of the Jenkins configuration. (Last Update:2018-06-26) (Publish Update:2018-06-26)
CVE-2018-1000608 CVSS:0.0
A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured password. (Last Update:2018-07-03) (Publish Update:2018-06-26)
CVE-2018-1000607 CVSS:0.0
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as. (Last Update:2018-06-26) (Publish Update:2018-06-26)
CVE-2018-1000606 CVSS:0.0
A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. (Last Update:2018-06-26) (Publish Update:2018-06-26)
CVE-2018-1000605 CVSS:0.0
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. (Last Update:2018-06-26) (Publish Update:2018-06-26)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com