CVE List 2018

CVE Score Severity Package Description Published
CVE-2018-9996
3.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low binutils An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. April 10, 2018, 17:04 pm
CVE-2018-9862
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious docker util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a docker exec command with that value in the -u argument, a similar issue to CVE-2016-3697. April 9, 2018, 11:04 am
CVE-2018-9336
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal openvpn openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. May 1, 2018, 13:05 pm
CVE-2018-9274
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9273
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9272
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9271
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9270
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9269
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9268
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9267
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9266
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9265
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. April 4, 2018, 02:04 am
CVE-2018-9264
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. April 4, 2018, 02:04 am
CVE-2018-9263
7.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. April 4, 2018, 02:04 am
CVE-2018-9262
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. April 4, 2018, 02:04 am
CVE-2018-9261
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. April 4, 2018, 02:04 am
CVE-2018-9260
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. April 4, 2018, 02:04 am
CVE-2018-9259
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. April 4, 2018, 02:04 am
CVE-2018-9258
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. April 4, 2018, 02:04 am
CVE-2018-9257
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. April 4, 2018, 02:04 am
CVE-2018-9256
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. April 4, 2018, 02:04 am
CVE-2018-9251
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal libxml2 The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. April 3, 2018, 21:04 pm
CVE-2018-9234
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious gnupg GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. April 3, 2018, 19:04 pm
CVE-2018-9138
6.2 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal binutils An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. March 30, 2018, 03:03 am
CVE-2018-8945
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal binutils The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. March 22, 2018, 16:03 pm
CVE-2018-8936
9.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. March 22, 2018, 09:03 am
CVE-2018-8935
9.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. March 22, 2018, 09:03 am
CVE-2018-8934
9.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. March 22, 2018, 09:03 am
CVE-2018-8933
9.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. March 22, 2018, 09:03 am
CVE-2018-8932
9.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. March 22, 2018, 09:03 am
CVE-2018-8931
9.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. March 22, 2018, 09:03 am
CVE-2018-8930
9.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. March 22, 2018, 09:03 am
CVE-2018-8897
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developers Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. May 8, 2018, 13:05 pm
CVE-2018-8822
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. March 20, 2018, 12:03 pm
CVE-2018-8781
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. April 23, 2018, 14:04 pm
CVE-2018-8780
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. April 3, 2018, 17:04 pm
CVE-2018-8779
3.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. April 3, 2018, 17:04 pm
CVE-2018-8778
4.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. April 3, 2018, 17:04 pm
CVE-2018-8777
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious ruby In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). April 3, 2018, 17:04 pm
CVE-2018-8769
7.8 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Serious elfutils elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. March 18, 2018, 01:03 am
CVE-2018-8740
3.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Low sqlite In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. March 16, 2018, 19:03 pm
CVE-2018-8087
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. March 13, 2018, 01:03 am
CVE-2018-8043
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). March 10, 2018, 16:03 pm
CVE-2018-8011
7.5 MV Product/Version
affected:
Serious apache2 By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). July 18, 2018, 09:07 am
CVE-2018-7995
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. March 9, 2018, 09:03 am
CVE-2018-7858
5.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGE 7.0 Resolved
Normal qemu Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. March 12, 2018, 16:03 pm
CVE-2018-7757
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal kernel Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. March 8, 2018, 08:03 am
CVE-2018-7755
5.3 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. March 8, 2018, 01:03 am
CVE-2018-7754
6.0 MV Product/Version
affected:
Normal kernel The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading ffree: lines in a debugfs file. August 10, 2018, 11:08 am
CVE-2018-7740
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal kernel The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. March 7, 2018, 02:03 am
CVE-2018-7738
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious util-linux In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. March 6, 2018, 20:03 pm
CVE-2018-7643
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious binutils The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. March 2, 2018, 09:03 am
CVE-2018-7642
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
CGE 7.0 Resolved
Normal binutils The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. March 2, 2018, 09:03 am
CVE-2018-7584
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. March 1, 2018, 13:03 pm
CVE-2018-7570
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
Normal binutils The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. February 28, 2018, 15:02 pm
CVE-2018-7569
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
CGE 7.0 Resolved
Normal binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. February 28, 2018, 15:02 pm
CVE-2018-7568
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal binutils The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. February 28, 2018, 15:02 pm
CVE-2018-7566
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. March 30, 2018, 16:03 pm
CVE-2018-7550
5.8 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal qemu The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. March 1, 2018, 11:03 am
CVE-2018-7492
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. February 26, 2018, 14:02 pm
CVE-2018-7480
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. February 25, 2018, 14:02 pm
CVE-2018-7421
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. February 23, 2018, 16:02 pm
CVE-2018-7420
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser could crash. This was addressed in wiretap/pcapng.c by adding a block-size check for sysdig event blocks. February 23, 2018, 16:02 pm
CVE-2018-7419
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. February 23, 2018, 16:02 pm
CVE-2018-7418
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value. February 23, 2018, 16:02 pm
CVE-2018-7417
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. February 23, 2018, 16:02 pm
CVE-2018-7337
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious wireshark In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. February 23, 2018, 16:02 pm
CVE-2018-7336
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol dissector could crash. This was addressed in epan/dissectors/packet-fcp.c by checking for a NULL pointer. February 23, 2018, 16:02 pm
CVE-2018-7335
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. February 23, 2018, 16:02 pm
CVE-2018-7334
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. February 23, 2018, 16:02 pm
CVE-2018-7333
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. February 23, 2018, 16:02 pm
CVE-2018-7332
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length. February 23, 2018, 16:02 pm
CVE-2018-7331
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. February 23, 2018, 16:02 pm
CVE-2018-7330
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. February 23, 2018, 16:02 pm
CVE-2018-7329
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. February 23, 2018, 16:02 pm
CVE-2018-7328
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths. February 23, 2018, 16:02 pm
CVE-2018-7327
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. February 23, 2018, 16:02 pm
CVE-2018-7326
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type. February 23, 2018, 16:02 pm
CVE-2018-7325
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. February 23, 2018, 16:02 pm
CVE-2018-7324
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-sccp.c had an infinite loop that was addressed by using a correct integer data type. February 23, 2018, 16:02 pm
CVE-2018-7323
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. February 23, 2018, 16:02 pm
CVE-2018-7322
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. February 23, 2018, 16:02 pm
CVE-2018-7321
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type. February 23, 2018, 16:02 pm
CVE-2018-7320
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets. February 23, 2018, 16:02 pm
CVE-2018-7273
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR. February 20, 2018, 18:02 pm
CVE-2018-7260
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
Normal phpmyadmin Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. February 21, 2018, 09:02 am
CVE-2018-7208
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious binutils In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. February 17, 2018, 22:02 pm
CVE-2018-7187
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious go The go get implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for :// anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. February 16, 2018, 11:02 am
CVE-2018-7185
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious ntp The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the other side of an interleaved association causing the victim ntpd to reset its association. March 6, 2018, 14:03 pm
CVE-2018-7184
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious ntp ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the received timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. March 6, 2018, 14:03 pm
CVE-2018-7183
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical ntp Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. March 8, 2018, 14:03 pm
CVE-2018-7182
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious ntp The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. March 6, 2018, 14:03 pm
CVE-2018-7170
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal ntp ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. March 6, 2018, 14:03 pm
CVE-2018-7169
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Normal shadow An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used group blacklisting (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. February 15, 2018, 14:02 pm
CVE-2018-7160
8.3 MV Product/Version
affected:
CGE 7.0 Resolved
Serious nodejs The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. May 17, 2018, 09:05 am
CVE-2018-7159
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious nodejs The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. May 17, 2018, 09:05 am
CVE-2018-7158
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal nodejs The `path` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `path` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service. May 17, 2018, 09:05 am
CVE-2018-6954
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious systemd systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. February 13, 2018, 14:02 pm
CVE-2018-6952
7.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
Serious patch A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. February 13, 2018, 13:02 pm
CVE-2018-6951
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious patch An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a mangled rename issue. February 13, 2018, 13:02 pm
CVE-2018-6927
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious kernel The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. February 12, 2018, 13:02 pm
CVE-2018-6914
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious ruby Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. April 3, 2018, 17:04 pm
CVE-2018-6913
4 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal perl Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. April 17, 2018, 15:04 pm
CVE-2018-6872
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal binutils The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment. February 9, 2018, 00:02 am
CVE-2018-6836
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Critical wireshark The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. February 8, 2018, 01:02 am
CVE-2018-6829
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious libgcrypt cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. February 7, 2018, 17:02 pm
CVE-2018-6798
7.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious perl An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. April 17, 2018, 15:04 pm
CVE-2018-6797
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGE 7.0 Resolved
Normal perl An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. April 17, 2018, 15:04 pm
CVE-2018-6764
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libvirt util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. February 23, 2018, 11:02 am
CVE-2018-6759
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal binutils The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. February 6, 2018, 15:02 pm
CVE-2018-6574
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical go Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow go get remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. February 7, 2018, 15:02 pm
CVE-2018-6556
4.7 MV Product/Version
affected:
Normal lxc lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. August 10, 2018, 10:08 am
CVE-2018-6551
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Normal glibc The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. February 2, 2018, 08:02 am
CVE-2018-6543
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal glibc In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. February 2, 2018, 03:02 am
CVE-2018-6485
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious glibc An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. February 1, 2018, 08:02 am
CVE-2018-6459
5.3 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
CGE 7.0 Resolved
Normal strongswan The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. February 20, 2018, 09:02 am
CVE-2018-6412
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. January 31, 2018, 01:01 am
CVE-2018-6323
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious binutils The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. January 26, 2018, 02:01 am
CVE-2018-6003
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious libtasn1 An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. January 22, 2018, 14:01 pm
CVE-2018-5995
0 MV Product/Version
affected:
Low kernel The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a pages/cpu printk call. August 7, 2018, 13:08 pm
CVE-2018-5953
0 MV Product/Version
affected:
Low kernel The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a software IO TLB printk call. August 7, 2018, 13:08 pm
CVE-2018-5873
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. July 6, 2018, 14:07 pm
CVE-2018-5814
5.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. June 12, 2018, 11:06 am
CVE-2018-5803
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. June 12, 2018, 11:06 am
CVE-2018-5784
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal tiff In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. January 19, 2018, 02:01 am
CVE-2018-5764
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 In progress
Serious rsync The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. January 17, 2018, 16:01 pm
CVE-2018-5750
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. January 26, 2018, 13:01 pm
CVE-2018-5748
6.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal libvirt qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. January 25, 2018, 10:01 am
CVE-2018-5738
7.5 MV Product/Version
affected:
Serious bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 23, 2018, 11:07 am
CVE-2018-5734
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious dhcp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 31, 2018, 23:05 pm
CVE-2018-5733
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious dhcp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2018-5732
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious dhcp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2018-5712
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. January 16, 2018, 03:01 am
CVE-2018-5711
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. January 16, 2018, 03:01 am
CVE-2018-5703
8.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. January 16, 2018, 03:01 am
CVE-2018-5683
3.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low qemu The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. January 23, 2018, 12:01 pm
CVE-2018-5390
7.5 MV Product/Version
affected:
Serious kernel Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. August 6, 2018, 15:08 pm
CVE-2018-5388
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal strongswan In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. May 31, 2018, 08:05 am
CVE-2018-5381
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal quagga The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of Capabilities in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. February 19, 2018, 07:02 am
CVE-2018-5380
4.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal quagga The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. February 19, 2018, 07:02 am
CVE-2018-5379
8.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious squid The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. February 19, 2018, 07:02 am
CVE-2018-5378
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal quagga The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash. February 19, 2018, 07:02 am
CVE-2018-5360
4.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal tiff LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. January 13, 2018, 20:01 pm
CVE-2018-5344
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. January 12, 2018, 03:01 am
CVE-2018-5336
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. January 11, 2018, 15:01 pm
CVE-2018-5335
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal wireshark In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. January 11, 2018, 15:01 pm
CVE-2018-5334
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. January 11, 2018, 15:01 pm
CVE-2018-5333
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. January 11, 2018, 01:01 am
CVE-2018-5332
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). January 11, 2018, 01:01 am
CVE-2018-5146
8.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. June 11, 2018, 16:06 pm
CVE-2018-3693
5.6 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal kernel Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. July 10, 2018, 16:07 pm
CVE-2018-3665
5.6 MV Product/Version
affected:
CGX 2.4 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. June 21, 2018, 15:06 pm
CVE-2018-3646
7.1 MV Product/Version
affected:
Serious kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 14, 2018, 23:08 pm
CVE-2018-3640
2.6 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. May 22, 2018, 07:05 am
CVE-2018-3639
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGE 7.0 In progress
Normal linux_kernel libvirt Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. May 22, 2018, 07:05 am
CVE-2018-3620
7.1 MV Product/Version
affected:
Serious kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 14, 2018, 23:08 pm
CVE-2018-3615
7.9 MV Product/Version
affected:
Serious kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 14, 2018, 23:08 pm
CVE-2018-2952
7.5 MV Product/Version
affected:
Serious openjdk Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). July 18, 2018, 08:07 am
CVE-2018-2773
4.1 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2771
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2769
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2766
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2762
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2761
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2759
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2758
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). April 18, 2018, 21:04 pm
CVE-2018-2755
7.7 MV Product/Version
affected:
CGE 7.0 Resolved
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). April 18, 2018, 21:04 pm
CVE-2018-2703
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2696
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2668
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2667
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2665
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2647
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). January 17, 2018, 20:01 pm
CVE-2018-2646
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2645
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). January 17, 2018, 20:01 pm
CVE-2018-2640
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2622
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2612
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). January 17, 2018, 20:01 pm
CVE-2018-2600
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2591
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2590
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2586
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2583
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2576
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2573
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2565
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). January 17, 2018, 20:01 pm
CVE-2018-2562
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). January 17, 2018, 20:01 pm
CVE-2018-15173
4.4 MV Product/Version
affected:
Normal nmap Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. August 7, 2018, 19:08 pm
CVE-2018-14884
7.5 MV Product/Version
affected:
Serious php An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. August 3, 2018, 08:08 am
CVE-2018-14883
5.9 MV Product/Version
affected:
Normal php An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. August 3, 2018, 08:08 am
CVE-2018-14851
5.9 MV Product/Version
affected:
Normal php exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. August 2, 2018, 14:08 pm
CVE-2018-14734
7.5 MV Product/Version
affected:
Serious kernel drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). July 29, 2018, 18:07 pm
CVE-2018-14617
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. July 26, 2018, 23:07 pm
CVE-2018-14616
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. July 26, 2018, 23:07 pm
CVE-2018-14615
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. July 26, 2018, 23:07 pm
CVE-2018-14614
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. July 26, 2018, 23:07 pm
CVE-2018-14613
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. July 26, 2018, 23:07 pm
CVE-2018-14612
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. July 26, 2018, 23:07 pm
CVE-2018-14611
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. July 26, 2018, 23:07 pm
CVE-2018-14610
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. July 26, 2018, 23:07 pm
CVE-2018-14609
4.2 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. July 26, 2018, 23:07 pm
CVE-2018-14526
8.3 MV Product/Version
affected:
Serious wpa_supplicant An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. August 8, 2018, 14:08 pm
CVE-2018-14424
4.4 MV Product/Version
affected:
Normal gdbm The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. August 14, 2018, 13:08 pm
CVE-2018-14404
6.5 MV Product/Version
affected:
Normal libxml2 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. July 19, 2018, 08:07 am
CVE-2018-14378
6.5 MV Product/Version
affected:
Normal tiff An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an invalid or empty tif argument to TIFFWriteBufferSetup in tif_write.c, and it can be exploited (at a minimum) via the following high-level library API function: TIFFWriteTile. July 17, 2018, 18:07 pm
CVE-2018-14375
7.5 MV Product/Version
affected:
Serious tiff An issue was discovered in LibTIFF 4.0.9. A buffer overflow vulnerability can occur via an invalid or empty tif argument to TIFFRGBAImageOK in tif_getimage.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFReadRGBAImage, TIFFRGBAImageOK, and TIFFRGBAImageBegin. July 17, 2018, 18:07 pm
CVE-2018-14374
7.5 MV Product/Version
affected:
Serious tiff An issue was discovered in LibTIFF 4.0.9. A buffer overflow can occur via an empty fmt argument to unixErrorHandler in tif_unix.c, and it can be exploited (at a minimum) via the following high-level library API functions: TIFFClientOpen, TIFFFdOpen, TIFFRawStripSize, TIFFCheckTile, TIFFComputeStrip, TIFFReadRawTile, TIFFUnRegisterCODEC, and TIFFWriteEncodedTile. July 17, 2018, 18:07 pm
CVE-2018-14373
7.5 MV Product/Version
affected:
Serious tiff An issue was discovered in LibTIFF 4.0.9. In TIFFFindField in tif_dirinfo.c, the structure tif is being dereferenced without first checking that the structure is not empty and has the requested fields (tif_foundfield). In the call sequences following from the affected library functions (TIFFVGetField, TIFFVGetFieldDefaulted, TIFFVStripSize, TIFFScanlineSize, TIFFTileSize, TIFFGetFieldDefaulted, and TIFFGetField), this sanitization of the tif structure is never being done and, hence, using them with an invalid or empty tif structure will trigger a buffer overflow, leading to a crash. July 17, 2018, 18:07 pm
CVE-2018-14370
6.5 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read. July 18, 2018, 21:07 pm
CVE-2018-14369
6.5 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. July 18, 2018, 21:07 pm
CVE-2018-14368
5.3 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. July 18, 2018, 21:07 pm
CVE-2018-14367
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition. July 18, 2018, 21:07 pm
CVE-2018-14348
4.4 MV Product/Version
affected:
Normal libcgroup libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. August 14, 2018, 13:08 pm
CVE-2018-14344
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read. July 18, 2018, 21:07 pm
CVE-2018-14343
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. July 18, 2018, 21:07 pm
CVE-2018-14342
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. July 18, 2018, 21:07 pm
CVE-2018-14341
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. July 18, 2018, 21:07 pm
CVE-2018-14340
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. July 18, 2018, 21:07 pm
CVE-2018-14339
5.7 MV Product/Version
affected:
Normal wireshark In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. July 18, 2018, 21:07 pm
CVE-2018-14056
4.4 MV Product/Version
affected:
Normal znc ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. July 14, 2018, 20:07 pm
CVE-2018-14055
7.5 MV Product/Version
affected:
Serious znc ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. July 14, 2018, 20:07 pm
CVE-2018-13785
6.5 MV Product/Version
affected:
Normal libpng In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. July 9, 2018, 08:07 am
CVE-2018-13419
6.5 MV Product/Version
affected:
Normal libsndfile An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c, as demonstrated by sndfile-convert. July 7, 2018, 12:07 pm
CVE-2018-13406
5.5 MV Product/Version
affected:
Normal kernel An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. July 6, 2018, 09:07 am
CVE-2018-13405
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.4 In progress
Serious kernel The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. July 6, 2018, 09:07 am
CVE-2018-1333
7.5 MV Product/Version
affected:
Serious apache2 By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30, 2.4.33). June 18, 2018, 13:06 pm
CVE-2018-13139
7.8 MV Product/Version
affected:
Serious libsndfile A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. July 4, 2018, 09:07 am
CVE-2018-1312
4.2 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal apache2 In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection. March 26, 2018, 10:03 am
CVE-2018-13100
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. July 3, 2018, 05:07 am
CVE-2018-13099
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. July 3, 2018, 05:07 am
CVE-2018-13098
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. July 3, 2018, 05:07 am
CVE-2018-13097
7.1 MV Product/Version
affected:
Serious kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG). July 3, 2018, 05:07 am
CVE-2018-13096
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image. July 3, 2018, 05:07 am
CVE-2018-13095
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. July 3, 2018, 05:07 am
CVE-2018-13094
5.0 MV Product/Version
affected:
Normal kernel An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. July 3, 2018, 05:07 am
CVE-2018-13093
8.6 MV Product/Version
affected:
Serious kernel An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. July 3, 2018, 05:07 am
CVE-2018-13053
5.5 MV Product/Version
affected:
Normal kernel The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. July 2, 2018, 07:07 am
CVE-2018-13033
5.0 MV Product/Version
affected:
Normal binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. July 1, 2018, 11:07 am
CVE-2018-1303
5.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability. March 26, 2018, 10:03 am
CVE-2018-1302
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal apache2 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. March 26, 2018, 10:03 am
CVE-2018-1301
3.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low apache2 A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage. March 26, 2018, 10:03 am
CVE-2018-12931
7.4 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Serious kernel ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. June 28, 2018, 09:06 am
CVE-2018-12930
7.4 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.0 In progress
Serious kernel ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem. June 28, 2018, 09:06 am
CVE-2018-12929
7.4 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
CGX 2.0 In progress
CGX 2.0 In progress
Serious kernel ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. June 28, 2018, 09:06 am
CVE-2018-12928
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. June 28, 2018, 09:06 am
CVE-2018-12904
7.8 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
Serious kernel In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL. June 27, 2018, 06:06 am
CVE-2018-12900
5.5 MV Product/Version
affected:
Normal tiff Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. June 26, 2018, 17:06 pm
CVE-2018-12896
5.5 MV Product/Version
affected:
Normal kernel An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. July 2, 2018, 12:07 pm
CVE-2018-12882
6.3 MV Product/Version
affected:
Normal php exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. June 25, 2018, 22:06 pm
CVE-2018-1283
4.2 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a Session header. This comes from the HTTP_SESSION variable name used by mod_session to forward its data to CGIs, since the prefix HTTP_ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. March 26, 2018, 10:03 am
CVE-2018-12714
7.1 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Serious kernel An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls. June 24, 2018, 18:06 pm
CVE-2018-12700
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.0 In progress
Normal gcc A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion. June 23, 2018, 18:06 pm
CVE-2018-12699
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
CGX 2.0 In progress
CGX 2.4 In progress
Normal gcc finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump. June 23, 2018, 18:06 pm
CVE-2018-12698
6.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal gcc demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump. June 23, 2018, 18:06 pm
CVE-2018-12697
6.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
CGX 2.4 In progress
CGE 7.0 In progress
Normal gcc A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. June 23, 2018, 18:06 pm
CVE-2018-12641
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.0 In progress
Normal gcc An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. June 22, 2018, 07:06 am
CVE-2018-12633
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
Serious accel-ppp An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. June 21, 2018, 19:06 pm
CVE-2018-12617
6.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
Normal qemu qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. June 21, 2018, 13:06 pm
CVE-2018-12327
7.0 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 Resolved
CGE 7.0 In progress
Serious ntp Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source. June 20, 2018, 09:06 am
CVE-2018-12326
7.5 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
Serious redis Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. June 17, 2018, 09:06 am
CVE-2018-12233
7.1 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious kernel In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. June 12, 2018, 07:06 am
CVE-2018-12232
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. June 12, 2018, 07:06 am
CVE-2018-12020
7.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious gnupg mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the --status-fd 2 option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. June 8, 2018, 16:06 pm
CVE-2018-12015
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal perl In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. June 7, 2018, 08:06 am
CVE-2018-11806
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious qemu m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. June 13, 2018, 11:06 am
CVE-2018-1172
5.9 MV Product/Version
affected:
CGE 7.0 In progress
Normal squid This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088. May 16, 2018, 16:05 pm
CVE-2018-11652
7.6 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
Serious nikto CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. June 1, 2018, 10:06 am
CVE-2018-11574
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious ppp Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. June 14, 2018, 15:06 pm
CVE-2018-11508
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. May 28, 2018, 08:05 am
CVE-2018-11506
6.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. May 27, 2018, 23:05 pm
CVE-2018-11412
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal kernel In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. May 24, 2018, 13:05 pm
CVE-2018-11362
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal accel-ppp In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing character. May 22, 2018, 16:05 pm
CVE-2018-11361
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey. May 22, 2018, 16:05 pm
CVE-2018-11360
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. May 22, 2018, 16:05 pm
CVE-2018-11359
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. May 22, 2018, 16:05 pm
CVE-2018-11358
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. May 22, 2018, 16:05 pm
CVE-2018-11357
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. May 22, 2018, 16:05 pm
CVE-2018-11356
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. May 22, 2018, 16:05 pm
CVE-2018-11355
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. May 22, 2018, 16:05 pm
CVE-2018-11354
5.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. May 22, 2018, 16:05 pm
CVE-2018-1130
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. May 10, 2018, 08:05 am
CVE-2018-1126
4.8 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal procps procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. May 23, 2018, 08:05 am
CVE-2018-1125
4.4 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal procps procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. May 23, 2018, 09:05 am
CVE-2018-1124
7.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious procps procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. May 23, 2018, 08:05 am
CVE-2018-11237
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal glibc An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. May 18, 2018, 11:05 am
CVE-2018-11236
8.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
Serious glibc stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. May 18, 2018, 11:05 am
CVE-2018-11235
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal git In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs git clone --recurse-submodules because submodule names are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with ../ in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. May 29, 2018, 23:05 pm
CVE-2018-11232
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. May 17, 2018, 23:05 pm
CVE-2018-1123
6.6 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal procps procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). May 23, 2018, 09:05 am
CVE-2018-1122
7.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious procps procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. May 23, 2018, 09:05 am
CVE-2018-11219
6.3 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
Normal redis An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. June 17, 2018, 12:06 pm
CVE-2018-11218
6.3 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
Normal redis Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. June 17, 2018, 12:06 pm
CVE-2018-1121
3.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low procps procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. June 13, 2018, 15:06 pm
CVE-2018-1120
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). June 20, 2018, 08:06 am
CVE-2018-1118
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. May 10, 2018, 17:05 pm
CVE-2018-1116
7.1 MV Product/Version
affected:
Serious polkit A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. July 10, 2018, 14:07 pm
CVE-2018-1115
5.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal postgresql postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. May 10, 2018, 14:05 pm
CVE-2018-1108
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal kernel kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. May 21, 2018, 16:05 pm
CVE-2018-1099
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal etcd DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address). April 3, 2018, 11:04 am
CVE-2018-1098
3.1 MV Product/Version
affected:
CGE 7.0 Resolved
Low etcd A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send. April 3, 2018, 11:04 am
CVE-2018-10963
5.7 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal tiff The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. May 9, 2018, 21:05 pm
CVE-2018-1095
4.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. April 1, 2018, 22:04 pm
CVE-2018-10940
7.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. May 9, 2018, 12:05 pm
CVE-2018-1094
4.4 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. April 1, 2018, 22:04 pm
CVE-2018-1093
4.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
Normal kernel The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. April 1, 2018, 22:04 pm
CVE-2018-10925
7.1 MV Product/Version
affected:
Serious postgresql It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with INSERT ... ON CONFLICT DO UPDATE. An attacker with CREATE TABLE privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain INSERT and limited UPDATE privileges to a particular table, they could exploit this to update other columns in the same table. August 9, 2018, 16:08 pm
CVE-2018-1092
4.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. April 1, 2018, 22:04 pm
CVE-2018-10916
5.3 MV Product/Version
affected:
Normal lftp It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. August 1, 2018, 09:08 am
CVE-2018-1091
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. March 27, 2018, 16:03 pm
CVE-2018-10906
5.3 MV Product/Version
affected:
Normal fuse In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the allow_other mount option regardless of whether user_allow_other is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. July 24, 2018, 15:07 pm
CVE-2018-10901
7.0 MV Product/Version
affected:
Serious kernel A flaw was found in the Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. July 26, 2018, 12:07 pm
CVE-2018-10883
5.7 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. July 30, 2018, 11:07 am
CVE-2018-10882
5.7 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. July 27, 2018, 13:07 pm
CVE-2018-10881
4.2 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. July 26, 2018, 13:07 pm
CVE-2018-10880
5.5 MV Product/Version
affected:
Normal kernel Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. July 25, 2018, 08:07 am
CVE-2018-10879
4.2 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. July 26, 2018, 13:07 pm
CVE-2018-10878
4.8 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. July 26, 2018, 13:07 pm
CVE-2018-10877
6.1 MV Product/Version
affected:
Normal kernel Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. July 18, 2018, 10:07 am
CVE-2018-10876
5.0 MV Product/Version
affected:
Normal kernel A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. July 26, 2018, 13:07 pm
CVE-2018-1087
8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. May 15, 2018, 11:05 am
CVE-2018-10852
6.5 MV Product/Version
affected:
Normal sssd The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. June 26, 2018, 09:06 am
CVE-2018-10840
6.1 MV Product/Version
affected:
Normal kernel Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. July 16, 2018, 15:07 pm
CVE-2018-1084
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
Serious corosync corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. April 12, 2018, 12:04 pm
CVE-2018-10811
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal strongswan strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. June 19, 2018, 16:06 pm
CVE-2018-10801
5.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal tiff TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. May 8, 2018, 01:05 am
CVE-2018-1078
9.8 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
Critical openflow OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and their timers reset resulting in traffic being allowed that should be expired. March 16, 2018, 15:03 pm
CVE-2018-10779
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low tiff TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. May 7, 2018, 02:05 am
CVE-2018-10754
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal ncurses In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. May 4, 2018, 21:05 pm
CVE-2018-10689
2.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low blktrace blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file. May 3, 2018, 02:05 am
CVE-2018-1068
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. March 16, 2018, 11:03 am
CVE-2018-10675
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal kernel The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. May 2, 2018, 13:05 pm
CVE-2018-1066
6.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. March 2, 2018, 02:03 am
CVE-2018-1065
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. March 2, 2018, 02:03 am
CVE-2018-1064
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libvirt libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. March 28, 2018, 13:03 pm
CVE-2018-1063
4.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal selinux Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enabled (permissive or enforcing). The issue was found in policycoreutils 2.5-11. March 2, 2018, 09:03 am
CVE-2018-1061
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 In progress
Normal python python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. June 19, 2018, 07:06 am
CVE-2018-1060
4.3 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal python python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. June 18, 2018, 09:06 am
CVE-2018-1059
6.1 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
Normal dpdk The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. April 24, 2018, 13:04 pm
CVE-2018-1058
8.8 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious postgresql A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. March 2, 2018, 09:03 am
CVE-2018-1057
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious samba On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (e.g. Domain Controllers). March 13, 2018, 11:03 am
CVE-2018-10549
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious php An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final character. April 29, 2018, 16:04 pm
CVE-2018-10548
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious php An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. April 29, 2018, 16:04 pm
CVE-2018-10547
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. April 29, 2018, 16:04 pm
CVE-2018-10546
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious accel-ppp An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. April 29, 2018, 16:04 pm
CVE-2018-10545
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
Normal php An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. April 29, 2018, 16:04 pm
CVE-2018-10535
5.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal binutils The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a SECTION type that has a 0 value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. April 29, 2018, 10:04 am
CVE-2018-10534
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal binutils The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. April 29, 2018, 10:04 am
CVE-2018-1053
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 In progress
CGE 7.0 Resolved
Serious postgresql In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. February 9, 2018, 08:02 am
CVE-2018-1052
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal postgresql Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. February 9, 2018, 08:02 am
CVE-2018-1050
3.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Low samba All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. March 13, 2018, 11:03 am
CVE-2018-1049
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
Normal systemd In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. February 16, 2018, 15:02 pm
CVE-2018-10393
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.4 In progress
CGE 7.0 Resolved
Normal libvorbis bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. April 26, 2018, 00:04 am
CVE-2018-10392
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal libvorbis mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. April 26, 2018, 00:04 am
CVE-2018-10373
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
Normal binutils concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. April 25, 2018, 04:04 am
CVE-2018-10372
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal binutils process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. April 25, 2018, 04:04 am
CVE-2018-10323
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. April 24, 2018, 01:04 am
CVE-2018-10322
4.6 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. April 24, 2018, 01:04 am
CVE-2018-10316
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal nasm Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. April 23, 2018, 21:04 pm
CVE-2018-10254
5.5 MV Product/Version
affected:
CGE 7.0 In progress
Normal nasm Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. April 21, 2018, 11:04 am
CVE-2018-10194
7.0 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
CGE 7.0 In progress
Serious ghostscript The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. April 18, 2018, 16:04 pm
CVE-2018-10188
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
Serious phpmyadmin phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php. April 19, 2018, 09:04 am
CVE-2018-10126
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Low tiff LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c. April 21, 2018, 16:04 pm
CVE-2018-10124
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. April 16, 2018, 09:04 am
CVE-2018-10087
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. April 13, 2018, 08:04 am
CVE-2018-10074
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering a failure of resource retrieval. April 12, 2018, 13:04 pm
CVE-2018-10021
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel ** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables. April 11, 2018, 12:04 pm
CVE-2018-10016
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
Low nasm Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. April 11, 2018, 00:04 am
CVE-2018-1000517
5.6 MV Product/Version
affected:
Normal busybox BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. June 26, 2018, 11:06 am
CVE-2018-1000500
5.3 MV Product/Version
affected:
Normal busybox Busybox contains a Missing SSL certificate validation vulnerability in the busybox wget applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using busybox wget https://compromised-domain.com/important-file. June 26, 2018, 11:06 am
CVE-2018-1000301
7.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious curl curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. May 24, 2018, 08:05 am
CVE-2018-1000300
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Serious curl curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability that can result in denial of service and more: curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. May 24, 2018, 08:05 am
CVE-2018-1000204
4.4 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream already: https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. June 26, 2018, 09:06 am
CVE-2018-1000200
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 26, 2018, 15:05 pm
CVE-2018-1000199
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. May 24, 2018, 08:05 am
CVE-2018-1000164
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
Serious gunicorn gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. April 18, 2018, 14:04 pm
CVE-2018-1000161
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
Normal nmap nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. April 18, 2018, 14:04 pm
CVE-2018-1000156
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
Serious accel-ppp GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time. April 6, 2018, 08:04 am
CVE-2018-1000155
7.1 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
Serious openflow OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in the OpenFlow handshake: the DPID (DataPath IDentifier) in the features_reply message is inherently trusted by the controller, which can result in Denial of Service, Unauthorized Access, Network Instability. This attack appears to be exploitable via network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake. May 24, 2018, 08:05 am
CVE-2018-1000122
5.4 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal curl A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. March 14, 2018, 13:03 pm
CVE-2018-1000121
5.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal curl A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. March 14, 2018, 13:03 pm
CVE-2018-1000120
6.3 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal curl A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. March 14, 2018, 13:03 pm
CVE-2018-1000117
6.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
Normal python Python Software Foundation CPython version from 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in the os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. March 7, 2018, 08:03 am
CVE-2018-1000116
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical net-snmp NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. March 7, 2018, 08:03 am
CVE-2018-1000041
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious librsvg GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains an Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appears to be exploitable when the victim processes a specially crafted SVG file containing a UNC path on Windows. February 9, 2018, 17:02 pm
CVE-2018-1000035
7.8 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.4 In progress
CGX 2.2 In progress
CGE 7.0 Resolved
Serious unzip A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. February 9, 2018, 17:02 pm
CVE-2018-1000034
9.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical unzip An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. February 9, 2018, 17:02 pm
CVE-2018-1000033
9.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical unzip An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory. February 9, 2018, 17:02 pm
CVE-2018-1000032
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious unzip A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. February 9, 2018, 17:02 pm
CVE-2018-1000031
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious unzip A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. February 9, 2018, 17:02 pm
CVE-2018-1000030
8.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious python Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Frees->Thread2-Re-uses-Freed Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, and as such the DWF feels this issue deserves a CVE. February 8, 2018, 11:02 am
CVE-2018-1000028
7.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appears to be exploitable when the NFS server exports a filesystem with the rootsquash options enabled. This vulnerability appears to have been fixed after commit 1995266727fa. February 9, 2018, 17:02 pm
CVE-2018-1000027
8.6 MV Product/Version
affected:
CGE 7.0 In progress
Serious squid The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. February 9, 2018, 17:02 pm
CVE-2018-1000026
7.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
Serious kernel Linux kernel version at least v4.8 onwards, probably well before, contains an Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. February 9, 2018, 17:02 pm
CVE-2018-1000024
4.3 MV Product/Version
affected:
CGE 7.0 Resolved
Normal squid The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later. February 9, 2018, 17:02 pm
CVE-2018-1000021
8.8 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious git GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack). February 9, 2018, 17:02 pm
CVE-2018-1000007
7.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Serious curl libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy-sensitive information or data that could allow others to impersonate the libcurl-using client's request. January 24, 2018, 16:01 pm
CVE-2018-1000005
7.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious curl libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. January 24, 2018, 16:01 pm
CVE-2018-1000004
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition. January 16, 2018, 14:01 pm
CVE-2018-1000001
8.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious glibc In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. January 31, 2018, 08:01 am
CVE-2018-0739
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
Normal openssl Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). March 27, 2018, 16:03 pm
CVE-2018-0737
3.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Low openssl The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). April 16, 2018, 13:04 pm
CVE-2018-0733
5.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal openssl Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). March 27, 2018, 16:03 pm
CVE-2018-0732
4.3 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal openssl During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). June 12, 2018, 08:06 am
CVE-2018-0545
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical lxc LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. April 9, 2018, 08:04 am
CVE-2018-0500
7.5 MV Product/Version
affected:
Serious curl Curl_smtp_escape_eob in lib/smtp.c in curl before 7.61.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). July 11, 2018, 08:07 am
CVE-2018-0495
5.3 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal libgcrypt Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. June 13, 2018, 18:06 pm
CVE-2018-0494
4.3 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal wget GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a sequence in a continuation line. May 6, 2018, 17:05 pm