Total: 10666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12479 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. | |||||
CVE-2018-12478 | 1 Opensuse | 1 Open Build Service | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. | |||||
CVE-2018-12474 | 1 Opensuse | 1 Tar Scm | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to access and extract information outside the current build or cause the creation of files in attacker-controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106. | |||||
CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1533 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1530 more | 2023-11-07 | 4.9 MEDIUM | 6.5 MEDIUM |
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | |||||
CVE-2018-12088 | 1 S3ql Project | 1 S3ql | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function. | |||||
CVE-2018-11799 | 1 Apache | 1 Oozie | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 to impersonate other users. The malicious user can construct an XML that results in workflows running in another user's name. | |||||
CVE-2018-11773 | 1 Apache | 1 Virtual Computing Lab | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the PHP built-in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
CVE-2018-11411 | 1 Dimoncoin | 1 Dimoncoin | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | |||||
CVE-2018-11357 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |||||
CVE-2018-11354 | 1 Wireshark | 1 Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | |||||
CVE-2018-11316 | 1 Sonos | 2 Sonos, Sonos Firmware | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
The UPnP HTTP server on Sonos wireless speaker products allows unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | |||||
CVE-2018-11315 | 1 Radiothermostat | 4 Ct50, Ct50 Firmware, Ct80 and 1 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. | |||||
CVE-2018-11314 | 1 Roku | 2 Roku, Roku Firmware | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
The External Control API in Roku and Roku TV products allows unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker. | |||||
CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | |||||
CVE-2018-10888 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
A flaw was found in libgit2 before version 0.27.3. A missing check in the git_delta_apply function in the delta.c file may lead to an out-of-bounds read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. | |||||
CVE-2018-10468 | 1 Uetoken | 1 Useless Ethereum Token | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue. | |||||
CVE-2018-10105 | 1 Tcpdump | 1 Tcpdump | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | |||||
CVE-2018-10103 | 1 Tcpdump | 1 Tcpdump | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | |||||
CVE-2018-1000873 | 3 Fasterxml, Netapp, Oracle | 6 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. | |||||
CVE-2017-9801 | 1 Apache | 1 Commons Email | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. |