Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2018-10919

    The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba v... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10918

    A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions b... Read more

    Affected Products : ubuntu_linux samba
    • Published: Aug. 22, 2018
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2018-10917

    pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories... Read more

    Affected Products : pulp
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10916

    It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring... Read more

    Affected Products : ubuntu_linux leap lftp
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2018-10915

    A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted ... Read more

    • Published: Aug. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10914

    It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and glu... Read more

    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2018-10913

    An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.... Read more

    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2018-10912

    keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this ... Read more

    Affected Products : keycloak single_sign-on
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10911

    A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.... Read more

    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 4.5

    MEDIUM
    CVE-2018-10910

    A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Ver... Read more

    Affected Products : ubuntu_linux bluez
    • Published: Jan. 28, 2019
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2018-10908

    It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing... Read more

    Affected Products : virtualization vdsm
    • Published: Aug. 09, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10907

    It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and ... Read more

    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10906

    In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other... Read more

    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10905

    CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.... Read more

    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10904

    It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit ... Read more

    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10903

    A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an inva... Read more

    • Published: Jul. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10902

    It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c ... Read more

    • Published: Aug. 21, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10901

    A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entr... Read more

    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10900

    Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attac... Read more

    Affected Products : debian_linux network_manager_vpnc
    • Published: Jul. 26, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10899

    A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Co... Read more

    Affected Products : openstack jolokia
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294068 Results