| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1000301 |
125 |
|
DoS |
2018-05-24 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
|
2 |
CVE-2018-1000199 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-24 |
2020-08-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. |
|
3 |
CVE-2018-1000178 |
787 |
|
Exec Code |
2018-05-08 |
2020-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. |
|
4 |
CVE-2018-1000164 |
93 |
|
|
2018-04-18 |
2019-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. |
|
5 |
CVE-2018-1000156 |
20 |
|
Exec Code |
2018-04-06 |
2019-07-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. |
|
6 |
CVE-2018-1000132 |
732 |
|
|
2018-03-14 |
2020-07-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1. |
|
7 |
CVE-2018-1000127 |
190 |
|
Overflow |
2018-03-13 |
2020-08-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. |
|
8 |
CVE-2018-1000122 |
125 |
|
DoS +Info |
2018-03-14 |
2019-10-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
|
9 |
CVE-2018-1000121 |
476 |
|
DoS |
2018-03-14 |
2019-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
|
10 |
CVE-2018-1000120 |
787 |
|
DoS Overflow |
2018-03-14 |
2019-06-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
|
11 |
CVE-2018-1000116 |
787 |
|
Exec Code |
2018-03-07 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. |
|
12 |
CVE-2018-1000085 |
125 |
|
|
2018-03-13 |
2019-03-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. |
|
13 |
CVE-2018-1000078 |
79 |
|
XSS |
2018-03-13 |
2019-05-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. |
|
14 |
CVE-2018-1000077 |
20 |
|
|
2018-03-13 |
2019-05-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. |
|
15 |
CVE-2018-1000076 |
347 |
|
|
2018-03-13 |
2019-05-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. |
|
16 |
CVE-2018-1000075 |
835 |
|
|
2018-03-13 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. |
|
17 |
CVE-2018-1000069 |
611 |
|
|
2018-03-13 |
2019-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. |
|
18 |
CVE-2018-1000041 |
|
|
|
2018-02-09 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows. |
|
19 |
CVE-2018-1000027 |
476 |
|
DoS |
2018-02-09 |
2019-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
20 |
CVE-2018-1000024 |
|
|
DoS |
2018-02-09 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later. |
|
21 |
CVE-2018-1000007 |
|
|
+Info |
2018-01-24 |
2022-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. |
|
22 |
CVE-2018-18607 |
476 |
|
DoS |
2018-10-23 |
2019-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
23 |
CVE-2018-18606 |
476 |
|
DoS |
2018-10-23 |
2019-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
24 |
CVE-2018-18605 |
125 |
|
DoS |
2018-10-23 |
2019-10-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |
|
25 |
CVE-2018-11362 |
125 |
|
|
2018-05-22 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. |
|
26 |
CVE-2018-11358 |
416 |
|
|
2018-05-22 |
2020-03-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. |
|
27 |
CVE-2018-10982 |
|
|
DoS +Priv |
2018-05-10 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. |
|
28 |
CVE-2018-10981 |
835 |
|
DoS |
2018-05-10 |
2019-10-03 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. |
|
29 |
CVE-2018-10940 |
119 |
|
Overflow |
2018-05-09 |
2018-10-31 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. |
|
30 |
CVE-2018-10583 |
200 |
|
+Info |
2018-05-01 |
2020-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. |
|
31 |
CVE-2018-10548 |
476 |
|
DoS |
2018-04-29 |
2019-08-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. |
|
32 |
CVE-2018-10547 |
79 |
|
XSS |
2018-04-29 |
2019-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. |
|
33 |
CVE-2018-10545 |
200 |
|
Bypass +Info |
2018-04-29 |
2019-08-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. |
|
34 |
CVE-2018-10194 |
119 |
|
DoS Overflow |
2018-04-18 |
2019-07-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. |
|
35 |
CVE-2018-10120 |
787 |
|
DoS Overflow |
2018-04-16 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. |
|
36 |
CVE-2018-10119 |
416 |
|
DoS |
2018-04-16 |
2019-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. |
|
37 |
CVE-2018-9269 |
772 |
|
|
2018-04-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. |
|
38 |
CVE-2018-9268 |
772 |
|
|
2018-04-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. |
|
39 |
CVE-2018-9263 |
|
|
|
2018-04-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. |
|
40 |
CVE-2018-9261 |
834 |
|
Overflow |
2018-04-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs. |
|
41 |
CVE-2018-9260 |
20 |
|
|
2018-04-04 |
2019-02-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. |
|
42 |
CVE-2018-9258 |
20 |
|
|
2018-04-04 |
2019-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. |
|
43 |
CVE-2018-9132 |
476 |
|
DoS |
2018-03-30 |
2019-10-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. |
|
44 |
CVE-2018-9018 |
369 |
|
DoS |
2018-03-25 |
2020-01-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
|
45 |
CVE-2018-9009 |
416 |
|
|
2018-03-25 |
2019-10-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. |
|
46 |
CVE-2018-8905 |
787 |
|
Overflow |
2018-03-22 |
2020-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. |
|
47 |
CVE-2018-8897 |
362 |
|
|
2018-05-08 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. |
|
48 |
CVE-2018-8822 |
119 |
|
Exec Code Overflow |
2018-03-20 |
2019-03-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. |
|
49 |
CVE-2018-8781 |
190 |
|
Exec Code Overflow |
2018-04-23 |
2019-02-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. |
|
50 |
CVE-2018-8780 |
22 |
|
Dir. Trav. |
2018-04-03 |
2019-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. |
