CVE-2018-4010 CVSS:7.2
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. (Last Update:2018-09-20) (Publish Update:2018-09-07)
CVE-2018-3952 CVSS:7.2
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. (Last Update:2018-09-20) (Publish Update:2018-09-07)
CVE-2018-1789 CVSS:6.5
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. (Last Update:2018-09-21) (Publish Update:2018-09-07)
CVE-2018-1567 CVSS:7.5
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024. (Last Update:2018-09-21) (Publish Update:2018-09-07)
CVE-2018-8349 CVSS:9.3
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. (Last Update:2018-09-10) (Publish Update:2018-08-15)
CVE-2018-8404 CVSS:7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. (Last Update:2018-09-06) (Publish Update:2018-08-15)
CVE-2018-8345 CVSS:7.6
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. (Last Update:2018-09-07) (Publish Update:2018-08-15)
CVE-2018-8344 CVSS:9.3
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. (Last Update:2018-09-07) (Publish Update:2018-08-15)
CVE-2018-8343 CVSS:6.9
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. (Last Update:2018-09-07) (Publish Update:2018-08-15)
CVE-2018-8339 CVSS:6.9
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. (Last Update:2018-09-07) (Publish Update:2018-08-15)
CVE-2018-14617 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14616 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14615 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14614 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14613 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14612 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14611 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14610 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2018-14609 CVSS:7.1
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2017-2581 CVSS:6.8
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2017-2580 CVSS:6.8
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2017-2579 CVSS:6.8
An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allow code execution. (Last Update:2018-09-19) (Publish Update:2018-07-27)
CVE-2017-2620 CVSS:9.0
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use this flaw to crash the QEMU process or potentially execute arbitrary code on the host with privileges of the QEMU process. (Last Update:2018-09-07) (Publish Update:2018-07-27)
CVE-2016-9603 CVSS:9.0
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (Last Update:2018-09-07) (Publish Update:2018-07-27)
CVE-2018-1056 CVSS:6.8
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. (Last Update:2018-09-21) (Publish Update:2018-07-27)
CVE-2017-2652 CVSS:9.0
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all connected nodes. (Last Update:2018-09-21) (Publish Update:2018-07-27)
CVE-2017-2649 CVSS:6.8
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks. (Last Update:2018-09-21) (Publish Update:2018-07-27)
CVE-2017-2648 CVSS:6.8
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks. (Last Update:2018-09-21) (Publish Update:2018-07-27)
CVE-2018-14603 CVSS:6.8
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. (Last Update:2018-09-18) (Publish Update:2018-07-26)
CVE-2018-0621 CVSS:6.8
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (Last Update:2018-09-20) (Publish Update:2018-07-26)