The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-7995 | ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. | MEDIUM | Mar 9, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7757 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. | LOW | Mar 8, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7755 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. | LOW | Mar 8, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7740 | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | MEDIUM | Mar 8, 2018 | 10.17.41.9 (Wind River Linux LTS 17) |
CVE-2018-7738 | In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. | HIGH | Mar 6, 2018 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2018-7643 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. | MEDIUM | Mar 7, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7642 | The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. | MEDIUM | Mar 2, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7584 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. | HIGH | Mar 3, 2018 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2018-7570 | The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy. | MEDIUM | Feb 28, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7569 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. | MEDIUM | Feb 28, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7568 | The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. | MEDIUM | Feb 28, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7566 | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | MEDIUM | Mar 30, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7557 | The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | MEDIUM | Feb 28, 2018 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2018-7550 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | MEDIUM | Mar 1, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7537 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator\'s chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | MEDIUM | Mar 9, 2018 | 10.17.41.21 (Wind River Linux LTS 17) |
CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | MEDIUM | Mar 9, 2018 | 10.17.41.21 (Wind River Linux LTS 17) |
CVE-2018-7492 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | MEDIUM | Feb 26, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7485 | The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. | HIGH | Feb 26, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-7480 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | HIGH | Feb 25, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7456 | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) | MEDIUM | Feb 24, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7409 | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. | HIGH | Feb 22, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-7260 | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | LOW | Feb 22, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-7208 | In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. | MEDIUM | Feb 21, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-7187 | The go get implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for :// anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | HIGH | Feb 16, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the other side of an interleaved association causing the victim ntpd to reset its association. | Medium | Feb 27, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7184 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the received timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. | Medium | Feb 27, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7183 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | Medium | Feb 27, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7182 | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | Medium | Feb 27, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim\'s clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. | Low | Feb 27, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-7169 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used group blacklisting (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. | MEDIUM | Feb 15, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-6954 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. | HIGH | Feb 13, 2018 | 10.17.41.10 (Wind River Linux LTS 17) |
CVE-2018-6952 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | MEDIUM | Feb 17, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a mangled rename issue. | MEDIUM | Feb 16, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-6942 | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. | MEDIUM | Feb 13, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-6927 | The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. | MEDIUM | Feb 15, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
CVE-2018-6913 | Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | HIGH | Apr 18, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6798 | An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | MEDIUM | Apr 17, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6797 | An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | HIGH | Apr 17, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | MEDIUM | Feb 23, 2018 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2018-6759 | The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file. | MEDIUM | Feb 16, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | MEDIUM | Feb 8, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2018-6555 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | HIGH | Sep 4, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-6554 | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | MEDIUM | Sep 4, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
CVE-2018-6551 | The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. | High | Feb 22, 2018 | 10.17.41.9 (Wind River Linux LTS 17) |
CVE-2018-6543 | In GNU Binutils 2.30, there\'s an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Medium | Feb 15, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6485 | An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. | High | Feb 22, 2018 | 10.17.41.9 (Wind River Linux LTS 17) |
CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | MEDIUM | Jan 29, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2018-6323 | The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | MEDIUM | Jan 26, 2018 | 10.17.41.8 (Wind River Linux LTS 17) |
CVE-2018-6003 | An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | MEDIUM | Jan 22, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2018-5848 | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the \'ie_len\' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | MEDIUM | Jun 12, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |