Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2018-10874

    In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.... Read more

    • Published: Jul. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10873

    A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer w... Read more

    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10872

    A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once th... Read more

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10871

    389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective chang... Read more

    Affected Products : debian_linux 389_directory_server
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10870

    redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.... Read more

    Affected Products : enterprise_linux certification
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10869

    redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.... Read more

    Affected Products : enterprise_linux certification
    • Published: Jul. 19, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10868

    redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.... Read more

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-10867

    Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.... Read more

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2018-10866

    It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him.... Read more

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10865

    It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.... Read more

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 6.2

    MEDIUM
    CVE-2018-10864

    An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Se... Read more

    Affected Products : certification linux
    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10863

    It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensibl... Read more

    Affected Products : certification
    • Published: May. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10862

    WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability.... Read more

    • Published: Jul. 27, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10861

    A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affect... Read more

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10860

    perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use... Read more

    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10859

    git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data tha... Read more

    Affected Products : debian_linux git-annex
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10858

    A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4... Read more

    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10857

    git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.... Read more

    Affected Products : debian_linux git-annex
    • Published: Jul. 16, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10856

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.... Read more

    Affected Products : libpod
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-10855

    Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will ... Read more

    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293926 Results