The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2018-1000802 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command (\'Command Injection\') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. | HIGH | Sep 28, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-14647 | Python\'s elementtree C accelerator failed to initialise Expat\'s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat\'s internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | MEDIUM | Sep 30, 2018 | 10.18.44.9 (Wind River Linux LTS 18) |
CVE-2018-17794 | An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | MEDIUM | Sep 30, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-17795 | The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935. | MEDIUM | Oct 3, 2018 | 10.18.44.2 (Wind River Linux LTS 18) |
CVE-2018-17942 | The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing \'\\0\' character during %f processing. | MEDIUM | Oct 3, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-17985 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many \'P\' characters. | MEDIUM | Oct 4, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-17456 | Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive git clone of a superproject if a .gitmodules file has a URL field beginning with a \'-\' character. | HIGH | Oct 7, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-17958 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | MEDIUM | Oct 9, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-17962 | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | MEDIUM | Oct 9, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-17963 | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | HIGH | Oct 9, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-18074 | The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | MEDIUM | Oct 9, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-18309 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. | MEDIUM | Oct 14, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18310 | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes. | MEDIUM | Oct 14, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-17961 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | MEDIUM | Oct 15, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-18073 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | MEDIUM | Oct 15, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-10839 | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. | MEDIUM | Oct 16, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18384 | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12. | MEDIUM | Oct 16, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-3174 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). | LOW | Oct 17, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-3282 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | Medium | Oct 17, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18483 | The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. | MEDIUM | Oct 18, 2018 | 10.18.44.20 (Wind River Linux LTS 18) |
CVE-2018-18484 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type. | MEDIUM | Oct 18, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-3133 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | Medium | Oct 18, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | HIGH | Oct 19, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-18520 | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | MEDIUM | Oct 19, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-18521 | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | MEDIUM | Oct 19, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-18557 | LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write. | MEDIUM | Oct 22, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18605 | A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | MEDIUM | Oct 23, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18606 | An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | MEDIUM | Oct 23, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18607 | An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. | MEDIUM | Oct 23, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-10195 | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | LOW | Oct 26, 2018 | 10.18.44.1 (Wind River Linux LTS 18) |
CVE-2018-14665 | A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. | HIGH | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-15686 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. | HIGH | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-15687 | A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. | LOW | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-15688 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | HIGH | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | MEDIUM | Oct 26, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-5741 | To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. | MEDIUM | Oct 26, 2018 | 10.18.44.24 (Wind River Linux LTS 18) |
CVE-2018-0735 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | MEDIUM | Oct 29, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18700 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | MEDIUM | Oct 29, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18701 | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | MEDIUM | Oct 29, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-18751 | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | HIGH | Oct 29, 2018 | 10.18.44.2 (Wind River Linux LTS 18) |
CVE-2018-0734 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | MEDIUM | Oct 30, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-16839 | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | HIGH | Oct 31, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-16840 | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \'easy\' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. | HIGH | Oct 31, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-16842 | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | MEDIUM | Oct 31, 2018 | 10.18.44.3 (Wind River Linux LTS 18) |
CVE-2018-14651 | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. | MEDIUM | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-14653 | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the \'__server_getspec\' function via the \'gf_getspec_req\' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | MEDIUM | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-14654 | The Gluster file system through version 4.1.4 is vulnerable to abuse of the \'features/index\' translator. A remote attacker with access to mount volumes could exploit this via the \'GF_XATTROP_ENTRY_IN_KEY\' xattrop to create arbitrary, empty files on the target server. | HIGH | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-14659 | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the \'GF_XATTR_IOSTATS_DUMP_KEY\' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling \'setxattr(2)\' to trigger a state dump and create an arbitrary number of files in the server\'s runtime directory. | MEDIUM | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-14660 | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | MEDIUM | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |
CVE-2018-14661 | It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | MEDIUM | Nov 6, 2018 | 10.18.44.4 (Wind River Linux LTS 18) |