Total
10279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1102 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation. | |||||
| CVE-2018-1099 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). | |||||
| CVE-2018-1070 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | |||||
| CVE-2018-1047 | 1 Redhat | 3 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | |||||
| CVE-2018-1016 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015. | |||||
| CVE-2018-1015 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. | |||||
| CVE-2018-1013 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. | |||||
| CVE-2018-1012 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | |||||
| CVE-2018-1010 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | |||||
| CVE-2018-19980 | 1 Anker | 2 Nebula Capsule Projector, Nebula Capsule Projector Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService. | |||||
| CVE-2018-19967 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | |||||
| CVE-2018-19960 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname. | |||||
| CVE-2018-19936 | 1 Printeron | 1 Printeron | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. | |||||
| CVE-2018-19869 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | |||||
| CVE-2018-19864 | 1 Nuuo | 1 Nvrmini2 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. | |||||
| CVE-2018-19791 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substring. | |||||
| CVE-2018-19788 | 3 Canonical, Debian, Polkit Project | 3 Ubuntu Linux, Debian Linux, Polkit | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |||||
| CVE-2018-19755 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. | |||||
| CVE-2018-19654 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. | |||||
| CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 5.1 MEDIUM |
| Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||