Latest CVE Feed

The following is the list of the latest published vulnerabilities.
  • 5.5

    MEDIUM
    CVE-2018-10881

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2018-10880

    Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

    • Published: Jul. 25, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10879

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10878

    A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.3

    HIGH
    CVE-2018-10877

    Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-10876

    A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10875

    A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10874

    In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.

    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10873

    A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer w...

    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2018-10872

    A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once th...

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2018-10871

    389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective chang...

    Affected Products : debian_linux 389_directory_server
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2018-10870

    redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

    Affected Products : enterprise_linux certification
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10869

    redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.

    Affected Products : enterprise_linux certification
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10868

    redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host.

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-10867

    Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2018-10866

    It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10865

    It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 6.2

    MEDIUM
    CVE-2018-10864

    An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Se...

    Affected Products : certification linux
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10863

    It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensibl...

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-10862

    WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.

    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024