Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2017-7558 A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13.... | N/A | NONE | — | 0 |
| CVE-2017-7562 An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could poten... | 6.5 | MEDIUM | — | 0 |
| CVE-2018-10900 Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into t... | 7.8 | HIGH | — | 0 |
| CVE-2018-0618 Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2017-12163 An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server m... | N/A | NONE | — | 0 |
| CVE-2017-12164 A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as anot... | N/A | NONE | — | 0 |
| CVE-2017-7509 An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is... | N/A | NONE | — | 0 |
| CVE-2017-12167 It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users a... | N/A | NONE | — | 0 |
| CVE-2017-12171 A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator coul... | N/A | NONE | — | 0 |
| CVE-2018-0619 Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via ... | N/A | NONE | — | 0 |
| CVE-2017-2582 It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an at... | N/A | NONE | — | 0 |
| CVE-2018-0607 SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-0613 NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and ear... | N/A | NONE | — | 0 |
| CVE-2018-0614 Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.3721041... | N/A | NONE | — | 0 |
| CVE-2018-0617 Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2018-10901 A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host'... | 7.8 | HIGH | — | 0 |
| CVE-2017-12150 It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-i... | 7.4 | HIGH | — | 0 |
| CVE-2018-10876 A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. | N/A | NONE | — | 0 |
| CVE-2018-10878 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafte... | 7.8 | HIGH | — | 0 |
| CVE-2018-10879 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renami... | N/A | NONE | — | 0 |
| CVE-2018-10881 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating... | N/A | NONE | — | 0 |
| CVE-2015-9261 huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | 5.5 | MEDIUM | — | 0 |
| CVE-2017-18344 The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access ... | N/A | NONE | — | 0 |
| CVE-2018-9068 The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SF... | N/A | NONE | — | 0 |
| CVE-2018-14607 Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensiti... | N/A | NONE | — | 0 |
| CVE-2018-14608 Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly acce... | N/A | NONE | — | 0 |
| CVE-2018-14601 An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow. | N/A | NONE | — | 0 |
| CVE-2018-14602 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics featur... | N/A | NONE | — | 0 |
| CVE-2018-14603 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component. | N/A | NONE | — | 0 |
| CVE-2018-14611 An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btr... | N/A | NONE | — | 0 |
| CVE-2018-14604 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. | N/A | NONE | — | 0 |
| CVE-2018-14605 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | N/A | NONE | — | 0 |
| CVE-2018-14606 An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. | N/A | NONE | — | 0 |
| CVE-2018-14609 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to remo... | N/A | NONE | — | 0 |
| CVE-2018-14610 An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification... | N/A | NONE | — | 0 |
| CVE-2018-14612 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group ma... | N/A | NONE | — | 0 |
| CVE-2018-14613 An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block ... | N/A | NONE | — | 0 |
| CVE-2018-14614 An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. | N/A | NONE | — | 0 |
| CVE-2018-14615 An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negat... | N/A | NONE | — | 0 |
| CVE-2018-14616 An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. | N/A | NONE | — | 0 |
| CVE-2018-14617 An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link)... | N/A | NONE | — | 0 |
| CVE-2017-12151 A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and ... | N/A | NONE | — | 0 |
| CVE-2017-7464 It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosur... | N/A | NONE | — | 0 |
| CVE-2017-2622 An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access ... | N/A | NONE | — | 0 |
| CVE-2017-2639 It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShi... | N/A | NONE | — | 0 |
| CVE-2018-1999030 An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.j... | N/A | NONE | — | 0 |
| CVE-2017-7470 It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | N/A | NONE | — | 0 |
| CVE-2018-6686 Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circu... | 6.6 | MEDIUM | — | 0 |
| CVE-2017-2666 It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid charact... | N/A | NONE | — | 0 |
| CVE-2017-7519 In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.