| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000400 |
269 |
|
|
2018-05-18 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears to be exploitable via container execution. This vulnerability appears to have been fixed in 1.9. |
|
2 |
CVE-2018-1000301 |
125 |
|
DoS |
2018-05-24 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
|
3 |
CVE-2018-1000300 |
787 |
|
DoS Overflow |
2018-05-24 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. |
|
4 |
CVE-2018-1000199 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-24 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. |
|
5 |
CVE-2018-1000179 |
476 |
|
DoS |
2018-05-08 |
2020-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. |
|
6 |
CVE-2018-1000178 |
787 |
|
Exec Code |
2018-05-08 |
2020-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. |
|
7 |
CVE-2018-1000177 |
79 |
|
XSS |
2018-05-08 |
2018-06-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. |
|
8 |
CVE-2018-1000176 |
200 |
|
+Info |
2018-05-08 |
2018-06-13 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured SMTP password. |
|
9 |
CVE-2018-1000175 |
22 |
|
Dir. Trav. |
2018-05-08 |
2018-06-13 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override arbitrary files on the Jenkins master. |
|
10 |
CVE-2018-1000174 |
601 |
|
|
2018-05-08 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. |
|
11 |
CVE-2018-1000173 |
384 |
|
|
2018-05-08 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session. |
|
12 |
CVE-2018-1000168 |
20 |
|
DoS |
2018-05-08 |
2022-04-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. |
|
13 |
CVE-2018-1000155 |
863 |
|
DoS |
2018-05-24 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake. |
|
14 |
CVE-2018-1000040 |
20 |
|
DoS |
2018-05-24 |
2019-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. |
|
15 |
CVE-2018-1000039 |
416 |
|
DoS Exec Code |
2018-05-24 |
2019-03-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. |
|
16 |
CVE-2018-1000038 |
787 |
|
Exec Code Overflow |
2018-05-24 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. |
|
17 |
CVE-2018-1000037 |
20 |
|
DoS |
2018-05-24 |
2019-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. |
|
18 |
CVE-2018-1000036 |
772 |
|
DoS |
2018-05-24 |
2021-12-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. |
|
19 |
CVE-2018-11633 |
352 |
|
CSRF |
2018-05-31 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities. |
|
20 |
CVE-2018-11632 |
352 |
|
CSRF |
2018-05-31 |
2018-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings via wp-admin/admin-post.php CSRF. There's no nonce or capability check in the whatsapp_share_setting_add_update() function. |
|
21 |
CVE-2018-11631 |
|
|
|
2018-05-31 |
2019-10-03 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic. |
|
22 |
CVE-2018-11627 |
79 |
|
XSS |
2018-05-31 |
2019-02-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. |
|
23 |
CVE-2018-11626 |
787 |
|
Overflow |
2018-05-31 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function. |
|
24 |
CVE-2018-11625 |
125 |
|
|
2018-05-31 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. |
|
25 |
CVE-2018-11624 |
416 |
|
|
2018-05-31 |
2018-06-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. |
|
26 |
CVE-2018-11598 |
125 |
|
DoS Overflow |
2018-05-31 |
2018-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. |
|
27 |
CVE-2018-11597 |
674 |
|
DoS Overflow |
2018-05-31 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. |
|
28 |
CVE-2018-11596 |
119 |
|
DoS Overflow |
2018-05-31 |
2018-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. |
|
29 |
CVE-2018-11595 |
119 |
|
DoS Overflow |
2018-05-31 |
2018-06-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. |
|
30 |
CVE-2018-11594 |
119 |
|
DoS Overflow |
2018-05-31 |
2018-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. |
|
31 |
CVE-2018-11593 |
787 |
|
DoS Overflow |
2018-05-31 |
2019-10-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. |
|
32 |
CVE-2018-11592 |
125 |
|
DoS |
2018-05-31 |
2018-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. |
|
33 |
CVE-2018-11591 |
476 |
|
DoS |
2018-05-31 |
2018-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. |
|
34 |
CVE-2018-11590 |
190 |
|
DoS Overflow |
2018-05-31 |
2018-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. |
|
35 |
CVE-2018-11583 |
79 |
|
XSS |
2018-05-31 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. |
|
36 |
CVE-2018-11580 |
79 |
|
XSS |
2018-05-31 |
2018-07-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. |
|
37 |
CVE-2018-11579 |
287 |
|
|
2018-05-31 |
2018-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action. |
|
38 |
CVE-2018-11578 |
119 |
|
Overflow |
2018-05-31 |
2018-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. |
|
39 |
CVE-2018-11577 |
120 |
|
|
2018-05-31 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. |
|
40 |
CVE-2018-11576 |
125 |
|
|
2018-05-31 |
2018-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. |
|
41 |
CVE-2018-11575 |
787 |
|
Overflow |
2018-05-31 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. |
|
42 |
CVE-2018-11572 |
79 |
|
XSS |
2018-05-31 |
2018-06-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. |
|
43 |
CVE-2018-11571 |
384 |
|
|
2018-05-31 |
2018-06-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ClipperCMS 1.3.3 allows Session Fixation. |
|
44 |
CVE-2018-11568 |
79 |
|
XSS |
2018-05-30 |
2018-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have < and > representations. |
|
45 |
CVE-2018-11567 |
384 |
|
|
2018-05-30 |
2018-07-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range. NOTE: The vendor states "Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do. Customers do not need to take any action for these mitigations to work." |
|
46 |
CVE-2018-11565 |
200 |
|
+Info |
2018-05-30 |
2018-07-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. |
|
47 |
CVE-2018-11562 |
79 |
|
XSS |
2018-05-30 |
2018-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. |
|
48 |
CVE-2018-11559 |
79 |
|
XSS |
2018-05-30 |
2018-11-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. |
|
49 |
CVE-2018-11558 |
79 |
|
XSS |
2018-05-30 |
2018-11-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. |
|
50 |
CVE-2018-11557 |
79 |
|
XSS |
2018-05-30 |
2018-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. |
