Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2018-10857

    git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.... Read more

    Affected Products : debian_linux git-annex
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10856

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.... Read more

    Affected Products : libpod
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-10855

    Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will ... Read more

    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10854

    cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name fi... Read more

    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10853

    A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could u... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: Sep. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10852

    The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any... Read more

    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10851

    PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.... Read more

    Affected Products : authoritative recursor
    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-10850

    389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.... Read more

    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10847

    prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate thei... Read more

    Affected Products : prosody
    • Published: Jul. 30, 2018
    • Modified: Nov. 21, 2024

  • 5.6

    MEDIUM
    CVE-2018-10846

    A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text ... Read more

    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-10845

    It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data usi... Read more

    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-10844

    It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data usin... Read more

    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-10843

    source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An a... Read more

    Affected Products : openshift_container_platform
    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10841

    glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding ... Read more

    Affected Products : debian_linux glusterfs
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10840

    Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.... Read more

    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10839

    Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash th... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • Published: Oct. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10832

    ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, ... Read more

    Affected Products : modbuspal
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10831

    Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affect... Read more

    Affected Products : z-nomp
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10830

    In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x002220e0.... Read more

    Affected Products : 2345_security_guard
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10828

    An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This ca... Read more

    Affected Products : pointing-device_driver
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293689 Results