Total
296825 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1002200 | 3 Codehaus-plexus, Debian, Redhat | 5 Plexus-archiver, Debian Linux, Enterprise Linux and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||
| CVE-2018-1002150 | 1 Koji Project | 1 Koji | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. | |||||
| CVE-2018-1002105 | 3 Kubernetes, Netapp, Redhat | 3 Kubernetes, Trident, Openshift Container Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. | |||||
| CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | |||||
| CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | |||||
| CVE-2018-1002102 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-11-21 | 2.1 LOW | 2.6 LOW |
| Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet. | |||||
| CVE-2018-1002101 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 7.5 HIGH | 5.9 MEDIUM |
| In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | |||||
| CVE-2018-1002100 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 3.6 LOW | 4.2 MEDIUM |
| In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files. | |||||
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | |||||
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | |||||
| CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | |||||
| CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002000 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2018-1000997 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation. | |||||