Total
324490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10929 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10928 | 4 Debian, Gluster, Opensuse and 1 more | 8 Debian Linux, Glusterfs, Leap and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. | ||||
| CVE-2018-10927 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.1 High |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | ||||
| CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | ||||
| CVE-2018-10925 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2024-11-21 | 8.1 High |
| It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table. | ||||
| CVE-2018-10924 | 1 Gluster | 1 Glusterfs | 2024-11-21 | N/A |
| It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. | ||||
| CVE-2018-10923 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.1 High |
| It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. | ||||
| CVE-2018-10922 | 1 Ttembed Project | 1 Ttembed | 2024-11-21 | N/A |
| An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values. | ||||
| CVE-2018-10921 | 1 Ttembed Project | 1 Ttembed | 2024-11-21 | N/A |
| Certain input files may trigger an integer overflow in ttembed input file processing. This overflow could potentially lead to corruption of the input file due to a lack of checking return codes of fgetc/fputc function calls. | ||||
| CVE-2018-10920 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 6.8 Medium |
| Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | ||||
| CVE-2018-10919 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | N/A |
| The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. | ||||
| CVE-2018-10918 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2024-11-21 | N/A |
| A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable. | ||||
| CVE-2018-10917 | 2 Pulpproject, Redhat | 4 Pulp, Rhui, Satellite and 1 more | 2024-11-21 | N/A |
| pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories. | ||||
| CVE-2018-10916 | 4 Canonical, Lftp Project, Opensuse and 1 more | 4 Ubuntu Linux, Lftp, Leap and 1 more | 2024-11-21 | N/A |
| It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. | ||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 12 Ubuntu Linux, Debian Linux, Postgresql and 9 more | 2024-11-21 | N/A |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | ||||
| CVE-2018-10914 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 6.5 Medium |
| It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes. | ||||
| CVE-2018-10913 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file. | ||||
| CVE-2018-10912 | 1 Redhat | 4 Jboss Single Sign On, Keycloak, Openshift Application Runtimes and 1 more | 2024-11-21 | 4.9 Medium |
| keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the server. | ||||
| CVE-2018-10911 | 4 Debian, Gluster, Opensuse and 1 more | 9 Debian Linux, Glusterfs, Leap and 6 more | 2024-11-21 | 7.5 High |
| A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. | ||||
| CVE-2018-10910 | 3 Bluez, Canonical, Redhat | 3 Bluez, Ubuntu Linux, Enterprise Linux | 2024-11-21 | N/A |
| A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable. | ||||