Total
30473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10192 | 1 Ipvanish | 1 Ipvanish | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the "connect" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user. | |||||
| CVE-2018-10123 | 1 Intenogroup | 2 Iopsys, Iopsys Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | |||||
| CVE-2018-10063 | 1 Convert Forms Project | 1 Convert Forms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. | |||||
| CVE-2018-10021 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables. | |||||
| CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
| In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | |||||
| CVE-2018-1000654 | 1 Gnu | 1 Libtasn1 | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. | |||||
| CVE-2018-1000628 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp() function. By adding "[]" to the end of "key" in the URL when accessing API functions, an attacker could exploit this vulnerability to execute API functions. | |||||
| CVE-2018-1000626 | 1 Battelle | 1 V2i Hub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the system. | |||||
| CVE-2018-1000615 | 1 Onosproject | 1 Onos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.. | |||||
| CVE-2018-1000551 | 1 Trovebox | 1 Trovebox | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerability in album view component that can result in Authentication bypass. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 742b8edbe. | |||||
| CVE-2018-1000419 | 1 Atlassian | 1 Hipchat | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. | |||||
| CVE-2018-1000408 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory. | |||||
| CVE-2018-1000204 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 6.3 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit." | |||||
| CVE-2018-1000203 | 1 Soarlabs | 1 Soarcoin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed. | |||||
| CVE-2018-1000192 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. | |||||
| CVE-2018-1000189 | 1 Jenkins | 1 Absint Astree | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master. | |||||
| CVE-2018-1000149 | 1 Jenkins | 1 Ansible | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java, AnsibleContext.java, AnsibleJobDslExtension.java, AnsiblePlaybookBuilder.java, AnsiblePlaybookStep.java that disables host key verification by default. | |||||
| CVE-2018-1000146 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. | |||||
| CVE-2018-1000101 | 1 Mingw-w64 | 1 Mingw-w64 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network. | |||||
| CVE-2018-1000041 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. | |||||