The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-15856 | An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. | LOW | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15855 | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. | LOW | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15854 | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. | LOW | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15853 | Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. | LOW | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15822 | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | MEDIUM | Aug 23, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15746 | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | LOW | Aug 29, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-15688 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | HIGH | Oct 26, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-15686 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | HIGH | Oct 26, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-15599 | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. | MEDIUM | Aug 20, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-15594 | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | LOW | Aug 22, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-15572 | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | LOW | Aug 19, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-15473 | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | MEDIUM | Aug 24, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15471 | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | MEDIUM | Aug 17, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-15209 | ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | MEDIUM | Aug 8, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14884 | An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. | MEDIUM | Aug 3, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14883 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | MEDIUM | Aug 3, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14882 | The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. | High | Oct 11, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2018-14881 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). | High | Oct 11, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2018-14880 | The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). | High | Oct 3, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2018-14879 | The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). | High | Oct 11, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2018-14851 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | MEDIUM | Aug 2, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14734 | drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | MEDIUM | Jul 29, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14678 | An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. | HIGH | Jul 28, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14665 | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | HIGH | Oct 26, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | MEDIUM | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | MEDIUM | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the \'GF_XATTR_IOSTATS_DUMP_KEY\' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling \'setxattr(2)\' to trigger a state dump and create an arbitrary number of files in the server\'s runtime directory. | MEDIUM | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the \'features/index\' translator. A remote attacker with access to mount volumes could exploit this via the \'GF_XATTROP_ENTRY_IN_KEY\' xattrop to create arbitrary, empty files on the target server. | HIGH | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14653 | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the \'__server_getspec\' function via the \'gf_getspec_req\' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | MEDIUM | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14651 | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. | MEDIUM | Nov 6, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14647 | Python\'s elementtree C accelerator failed to initialise Expat\'s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\'s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | MEDIUM | Sep 30, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14633 | A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target\'s code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. | HIGH | Oct 4, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14629 | A denial of service vulnerability was discovered in Samba\'s LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service. | MEDIUM | Dec 16, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-14625 | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. | MEDIUM | Sep 10, 2018 | 10.17.41.18 (Wind River Linux LTS 17) |
CVE-2018-14618 | curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | HIGH | Sep 6, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14617 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. | HIGH | Jul 27, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14615 | An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative. | HIGH | Jul 27, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14614 | An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. | HIGH | Jul 27, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14613 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. | HIGH | Jul 27, 2018 | 10.17.41.19 (Wind River Linux LTS 17) |
CVE-2018-14612 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. | HIGH | Jul 27, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14611 | An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. | HIGH | Jul 27, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14610 | An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. | HIGH | Jul 27, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-14609 | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. | HIGH | Jul 27, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-14600 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | HIGH | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | HIGH | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14598 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). | MEDIUM | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
CVE-2018-14574 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | MEDIUM | Aug 7, 2018 | 10.17.41.21 (Wind River Linux LTS 17) |
CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | MEDIUM | Aug 14, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
CVE-2018-14553 | gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). | MEDIUM | Feb 12, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | MEDIUM | May 30, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |