Latest CVE Feed
-
8.8
HIGHCVE-2018-1000009
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery... Read more
Affected Products : checkstyle- Published: Jan. 23, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2018-1000008
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or de... Read more
Affected Products : pmd- Published: Jan. 23, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1000007
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redire... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation curl enterprise_linux_server_aus enterprise_linux_server_eus m10-1_firmware m10-4_firmware +10 more products- Published: Jan. 24, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2018-1000006
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arb... Read more
- Published: Jan. 24, 2018
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2018-1000005
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte l... Read more
- Published: Jan. 24, 2018
- Modified: Nov. 21, 2024
-
7.1
HIGHCVE-2018-1000004
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.... Read more
Affected Products : linux_kernel- Published: Jan. 16, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-1000003
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.... Read more
Affected Products : recursor- Published: Jan. 22, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-1000002
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.... Read more
Affected Products : knot_resolver- Published: Jan. 22, 2018
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.... Read more
- Published: Jan. 31, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-0998
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0997
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991,... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0996
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Expl... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0995
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0994
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0993
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0991
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-201... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0990
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is un... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-0989
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Intern... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
7.6
HIGHCVE-2018-0988
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Expl... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-0987
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, ... Read more
- Published: Apr. 12, 2018
- Modified: Nov. 21, 2024