Total
30131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1122 | 3 Canonical, Debian, Procps-ng Project | 3 Ubuntu Linux, Debian Linux, Procps-ng | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. | |||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 2 Ovirt-ansible-roles, Enterprise Virtualization | 2024-11-21 | 5.0 MEDIUM | 5.0 MEDIUM |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | |||||
| CVE-2018-1112 | 1 Gluster | 1 Glusterfs | 2024-11-21 | 7.5 HIGH | 8.0 HIGH |
| glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. | |||||
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-11-21 | 4.6 MEDIUM | 8.0 HIGH |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | |||||
| CVE-2018-1081 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. | |||||
| CVE-2018-1080 | 1 Dogtagpki | 1 Dogtagpki | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences. | |||||
| CVE-2018-1078 | 1 Opendaylight | 1 Openflow | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. | |||||
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | |||||
| CVE-2018-1060 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | |||||
| CVE-2018-1058 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. | |||||
| CVE-2018-1043 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | |||||
| CVE-2018-1040 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-11-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-1039 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | |||||
| CVE-2018-1038 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2018-1035 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. | |||||
| CVE-2018-1030 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026. | |||||
| CVE-2018-1029 | 1 Microsoft | 6 Excel, Excel 2007, Excel 2010 and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. | |||||
| CVE-2018-1027 | 1 Microsoft | 5 Excel, Excel 2007, Excel 2010 and 2 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. | |||||
| CVE-2018-1026 | 1 Microsoft | 1 Office | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030. | |||||
| CVE-2018-1025 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | |||||