Total
325181 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10906 | 3 Debian, Fuse Project, Redhat | 6 Debian Linux, Fuse, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. | ||||
| CVE-2018-10905 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user. | ||||
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | ||||
| CVE-2018-10903 | 3 Canonical, Cryptography, Redhat | 3 Ubuntu Linux, Python-cryptography, Openstack | 2024-11-21 | N/A |
| A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. | ||||
| CVE-2018-10902 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | N/A |
| It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | ||||
| CVE-2018-10901 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.8 High |
| A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. | ||||
| CVE-2018-10900 | 2 Debian, Gnome | 2 Debian Linux, Network Manager Vpnc | 2024-11-21 | 7.8 High |
| Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. | ||||
| CVE-2018-10899 | 2 Jolokia, Redhat | 4 Jolokia, Jboss Amq, Jboss Fuse and 1 more | 2024-11-21 | N/A |
| A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | ||||
| CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-11-21 | N/A |
| A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | ||||
| CVE-2018-10897 | 2 Redhat, Rpm | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 8.1 High |
| A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected. | ||||
| CVE-2018-10896 | 2 Canonical, Redhat | 3 Cloud-init, Enterprise Linux, Rhel Eus | 2024-11-21 | 7.1 High |
| The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. | ||||
| CVE-2018-10895 | 1 Qutebrowser | 1 Qutebrowser | 2024-11-21 | N/A |
| qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. | ||||
| CVE-2018-10894 | 1 Redhat | 6 Enterprise Linux, Jboss Single Sign On, Keycloak and 3 more | 2024-11-21 | N/A |
| It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. | ||||
| CVE-2018-10893 | 2 Redhat, Spice Project | 2 Enterprise Linux, Spice | 2024-11-21 | N/A |
| Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. | ||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 7 Docker, Moby, Leap and 4 more | 2024-11-21 | 5.3 Medium |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | ||||
| CVE-2018-10891 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.3 High |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. | ||||
| CVE-2018-10890 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. | ||||
| CVE-2018-10889 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. | ||||
| CVE-2018-10888 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 6.5 Medium |
| A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. | ||||
| CVE-2018-10887 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 8.1 High |
| A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | ||||