The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-1054 | An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | MEDIUM | Mar 8, 2018 |
CVE-2018-1053 | In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. | LOW | Feb 14, 2018 |
CVE-2018-1052 | Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. | MEDIUM | Feb 14, 2018 |
CVE-2018-1051 | It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | MEDIUM | Jan 25, 2018 |
CVE-2018-1050 | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. | LOW | Mar 13, 2018 |
CVE-2018-1049 | In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. | MEDIUM | Feb 17, 2018 |
CVE-2018-1048 | It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files. | MEDIUM | Jan 24, 2018 |
CVE-2018-1047 | A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. | LOW | Jan 24, 2018 |
CVE-2018-1046 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. | HIGH | Jul 16, 2018 |
CVE-2018-1045 | In Moodle 3.x, there is XSS via a calendar event name. | LOW | Jan 23, 2018 |
CVE-2018-1044 | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | MEDIUM | Jan 23, 2018 |
CVE-2018-1043 | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | MEDIUM | Jan 22, 2018 |
CVE-2018-1042 | Moodle 3.x has Server Side Request Forgery in the filepicker. | MEDIUM | Jan 23, 2018 |
CVE-2018-1041 | A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | MEDIUM | Feb 18, 2018 |
CVE-2018-1040 | A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka Windows Code Integrity Module Denial of Service Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | MEDIUM | Jun 18, 2018 |
CVE-2018-1039 | A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka .NET Framework Device Guard Security Feature Bypass Vulnerability. This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | MEDIUM | May 9, 2018 |
CVE-2018-1038 | The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka Windows Kernel Elevation of Privilege Vulnerability. | HIGH | Apr 9, 2018 |
CVE-2018-1037 | An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka Microsoft Visual Studio Information Disclosure Vulnerability. This affects Microsoft Visual Studio. | MEDIUM | Apr 12, 2018 |
CVE-2018-1036 | An elevation of privilege vulnerability exists when NTFS improperly checks access, aka NTFS Elevation of Privilege Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | MEDIUM | Jun 18, 2018 |
CVE-2018-1035 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka Windows Security Feature Bypass Vulnerability. This affects Windows 10, Windows 10 Servers. | MEDIUM | Apr 20, 2018 |
CVE-2018-1034 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft SharePoint Elevation of Privilege Vulnerability. This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032. | LOW | Apr 12, 2018 |
CVE-2018-1032 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft SharePoint Elevation of Privilege Vulnerability. This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034. | LOW | Apr 12, 2018 |
CVE-2018-1030 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka Microsoft Office Remote Code Execution Vulnerability. This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026. | HIGH | Apr 12, 2018 |
CVE-2018-1029 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka Microsoft Excel Remote Code Execution Vulnerability. This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. | HIGH | Apr 12, 2018 |
CVE-2018-1028 | A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka Microsoft Office Graphics Remote Code Execution Vulnerability. This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. | HIGH | Apr 12, 2018 |
CVE-2018-1027 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka Microsoft Excel Remote Code Execution Vulnerability. This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. | HIGH | Apr 12, 2018 |
CVE-2018-1026 | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka Microsoft Office Remote Code Execution Vulnerability. This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030. | HIGH | Apr 12, 2018 |
CVE-2018-1025 | An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka Microsoft Browser Information Disclosure Vulnerability. This affects Internet Explorer 11, Microsoft Edge. | MEDIUM | May 9, 2018 |
CVE-2018-1023 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka Microsoft Browser Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. | HIGH | Apr 12, 2018 |
CVE-2018-1022 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka Scripting Engine Memory Corruption Vulnerability. This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | HIGH | May 9, 2018 |
CVE-2018-1021 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka Microsoft Edge Information Disclosure Vulnerability. This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. | MEDIUM | May 9, 2018 |
CVE-2018-1020 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka Internet Explorer Memory Corruption Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018. | HIGH | Apr 12, 2018 |
CVE-2018-1019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995. | HIGH | Apr 12, 2018 |
CVE-2018-1018 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka Internet Explorer Memory Corruption Vulnerability. This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020. | HIGH | Apr 12, 2018 |
CVE-2018-1016 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka Microsoft Graphics Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015. | HIGH | Apr 12, 2018 |
CVE-2018-1015 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka Microsoft Graphics Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. | HIGH | Apr 12, 2018 |
CVE-2018-1014 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft SharePoint Elevation of Privilege Vulnerability. This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034. | MEDIUM | Apr 12, 2018 |
CVE-2018-1013 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka Microsoft Graphics Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. | HIGH | Apr 12, 2018 |
CVE-2018-1012 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka Microsoft Graphics Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | HIGH | Apr 12, 2018 |
CVE-2018-1011 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka Microsoft Excel Remote Code Execution Vulnerability. This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029. | HIGH | Apr 12, 2018 |
CVE-2018-1010 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka Microsoft Graphics Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | HIGH | Apr 12, 2018 |
CVE-2018-1009 | An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | HIGH | Apr 12, 2018 |
CVE-2018-1008 | An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka OpenType Font Driver Elevation of Privilege Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | MEDIUM | Apr 12, 2018 |
CVE-2018-1007 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka Microsoft Office Information Disclosure Vulnerability. This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950. | LOW | Apr 12, 2018 |
CVE-2018-1005 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft SharePoint Elevation of Privilege Vulnerability. This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034. | LOW | Apr 12, 2018 |
CVE-2018-1004 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka Windows VBScript Engine Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | HIGH | Apr 12, 2018 |
CVE-2018-1003 | A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka Microsoft JET Database Engine Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | HIGH | Apr 12, 2018 |
CVE-2018-1001 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Memory Corruption Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996. | HIGH | Apr 12, 2018 |
CVE-2018-1000 | An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Information Disclosure Vulnerability. This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989. | LOW | Apr 12, 2018 |
CVE-2018-0998 | An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka Microsoft Edge Information Disclosure Vulnerability. This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. | MEDIUM | Apr 12, 2018 |