Total
317372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1067 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Undertow and 1 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. | |||||
| CVE-2018-1066 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | |||||
| CVE-2018-1065 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
| The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. | |||||
| CVE-2018-1064 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||||
| CVE-2018-1063 | 2 Redhat, Selinux Project | 2 Enterprise Linux, Selinux | 2024-11-21 | 3.3 LOW | 4.4 MEDIUM |
| Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. | |||||
| CVE-2018-1062 | 1 Redhat | 1 Ovirt-engine | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. | |||||
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | |||||
| CVE-2018-1060 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | |||||
| CVE-2018-1059 | 3 Canonical, Dpdk, Redhat | 9 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 6 more | 2024-11-21 | 2.9 LOW | 6.1 MEDIUM |
| The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. | |||||
| CVE-2018-1058 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. | |||||
| CVE-2018-1057 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | |||||
| CVE-2018-1056 | 3 Advancemame, Canonical, Debian | 3 Advancecomp, Ubuntu Linux, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. | |||||
| CVE-2018-1054 | 2 Fedoraproject, Redhat | 4 389 Directory Server, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |||||
| CVE-2018-1053 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2024-11-21 | 3.3 LOW | 7.0 HIGH |
| In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. | |||||
| CVE-2018-1052 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. | |||||
| CVE-2018-1051 | 1 Redhat | 1 Resteasy | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | |||||
| CVE-2018-1050 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | |||||
| CVE-2018-1049 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. | |||||
| CVE-2018-1048 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | |||||
| CVE-2018-1047 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | |||||