Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-5730 | 5.5 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w
|
23-05-2024 - 17:53 | 06-03-2018 - 20:29 | |
CVE-2018-5729 | 6.5 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to th
|
23-05-2024 - 17:52 | 06-03-2018 - 20:29 | |
CVE-2019-1003001 | 6.5 |
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows atta
|
25-10-2023 - 18:16 | 22-01-2019 - 14:29 | |
CVE-2019-1003011 | 5.5 |
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/j
|
25-10-2023 - 18:16 | 06-02-2019 - 16:29 | |
CVE-2019-1003004 | 6.5 |
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions indef
|
25-10-2023 - 18:16 | 22-01-2019 - 14:29 | |
CVE-2019-1003012 | 4.3 |
A data modification vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-core-js/src/js/bundleStartup.js, blueocean-core-js/src/js/fetch.ts, blueocean-core-js/src/js/i18n/i18n.js, blueocean-core-js/src/js/urlconfig.js, b
|
25-10-2023 - 18:16 | 06-02-2019 - 16:29 | |
CVE-2019-1003003 | 6.5 |
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember M
|
25-10-2023 - 18:16 | 22-01-2019 - 14:29 | |
CVE-2019-1003013 | 3.5 |
An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/ex
|
25-10-2023 - 18:16 | 06-02-2019 - 16:29 | |
CVE-2019-1003002 | 6.5 |
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permis
|
25-10-2023 - 18:16 | 22-01-2019 - 14:29 | |
CVE-2019-1003014 | 3.5 |
An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitr
|
25-10-2023 - 18:16 | 06-02-2019 - 16:29 | |
CVE-2019-1003000 | 6.5 |
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute ar
|
25-10-2023 - 18:16 | 22-01-2019 - 14:29 | |
CVE-2018-18559 | 6.8 |
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a ra
|
16-05-2023 - 11:14 | 22-10-2018 - 16:29 | |
CVE-2019-6116 | 6.8 |
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
|
01-03-2023 - 18:41 | 21-03-2019 - 16:01 | |
CVE-2018-16865 | 4.6 |
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
|
13-02-2023 - 04:52 | 11-01-2019 - 21:29 | |
CVE-2018-16864 | 4.6 |
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash s
|
13-02-2023 - 04:51 | 11-01-2019 - 20:29 | |
CVE-2019-3815 | 2.1 |
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A
|
12-02-2023 - 23:38 | 28-01-2019 - 15:29 | |
CVE-2018-11237 | 4.6 |
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
|
13-09-2022 - 21:25 | 18-05-2018 - 16:29 | |
CVE-2018-1060 | 5.0 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
|
28-07-2022 - 11:31 | 18-06-2018 - 14:29 | |
CVE-2018-1000007 | 5.0 |
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow r
|
13-06-2022 - 19:10 | 24-01-2018 - 22:29 | |
CVE-2018-20103 | 5.0 |
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaus
|
02-06-2022 - 14:15 | 12-12-2018 - 17:29 | |
CVE-2018-20102 | 5.0 |
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-
|
02-06-2022 - 14:15 | 12-12-2018 - 17:29 | |
CVE-2018-15688 | 5.8 |
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
|
31-01-2022 - 18:30 | 26-10-2018 - 14:29 | |
CVE-2019-3818 | 5.0 |
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a
|
21-05-2021 - 14:42 | 05-02-2019 - 17:29 | |
CVE-2019-3826 | 4.3 |
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persis
|
31-03-2021 - 21:15 | 26-03-2019 - 18:29 | |
CVE-2017-16997 | 9.3 |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the cu
|
15-10-2020 - 13:28 | 18-12-2017 - 01:29 | |
CVE-2019-1003000 | 6.5 |
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute ar
|
29-09-2020 - 01:41 | 22-01-2019 - 14:29 | |
CVE-2019-1003001 | 6.5 |
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows atta
|
29-09-2020 - 01:40 | 22-01-2019 - 14:29 | |
CVE-2019-1003002 | 6.5 |
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permis
|
29-09-2020 - 01:40 | 22-01-2019 - 14:29 | |
CVE-2019-1003011 | 5.5 |
An information exposure and denial of service vulnerability exists in Jenkins Token Macro Plugin 2.5 and earlier in src/main/java/org/jenkinsci/plugins/tokenmacro/Parser.java, src/main/java/org/jenkinsci/plugins/tokenmacro/TokenMacro.java, src/main/j
|
29-09-2020 - 00:50 | 06-02-2019 - 16:29 | |
CVE-2018-18397 | 2.1 |
The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that fil
|
24-08-2020 - 17:37 | 12-12-2018 - 10:29 | |
CVE-2018-6485 | 7.5 |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
|
24-08-2020 - 17:37 | 01-02-2018 - 14:29 | |
CVE-2018-18311 | 7.5 |
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
|
24-08-2020 - 17:37 | 07-12-2018 - 21:29 | |
CVE-2018-11236 | 7.5 |
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer over
|
24-08-2020 - 17:37 | 18-05-2018 - 16:29 | |
CVE-2017-18267 | 4.3 |
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
|
23-07-2020 - 12:15 | 10-05-2018 - 15:29 | |
CVE-2018-7208 | 6.8 |
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault)
|
31-10-2019 - 01:15 | 18-02-2018 - 04:29 | |
CVE-2018-8945 | 4.3 |
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
|
31-10-2019 - 01:15 | 22-03-2018 - 21:29 | |
CVE-2018-7569 | 4.3 |
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF F
|
31-10-2019 - 01:15 | 28-02-2018 - 21:29 | |
CVE-2018-7568 | 4.3 |
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corru
|
31-10-2019 - 01:15 | 28-02-2018 - 21:29 | |
CVE-2018-7643 | 6.8 |
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdu
|
31-10-2019 - 01:15 | 02-03-2018 - 15:29 | |
CVE-2018-7642 | 4.3 |
The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and app
|
31-10-2019 - 01:15 | 02-03-2018 - 15:29 | |
CVE-2018-1113 | 4.6 |
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell bein
|
09-10-2019 - 23:38 | 03-07-2018 - 01:29 | |
CVE-2018-19475 | 6.8 |
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
|
03-10-2019 - 00:03 | 23-11-2018 - 05:29 | |
CVE-2018-13033 | 4.3 |
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_p
|
03-10-2019 - 00:03 | 01-07-2018 - 16:29 | |
CVE-2018-10733 | 4.3 |
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
|
03-10-2019 - 00:03 | 04-05-2018 - 17:29 | |
CVE-2018-10767 | 4.3 |
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will l
|
03-10-2019 - 00:03 | 06-05-2018 - 23:29 | |
CVE-2018-1061 | 5.0 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
|
03-10-2019 - 00:03 | 19-06-2018 - 12:29 | |
CVE-2018-1000866 | 6.5 |
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java tha
|
03-10-2019 - 00:03 | 10-12-2018 - 14:29 | |
CVE-2018-1000301 | 6.4 |
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
|
03-10-2019 - 00:03 | 24-05-2018 - 13:29 | |
CVE-2018-1000122 | 6.4 |
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
|
03-10-2019 - 00:03 | 14-03-2018 - 18:29 | |
CVE-2018-1000865 | 6.5 |
A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Configure permission to execute arbitrary code on the J
|
03-10-2019 - 00:03 | 10-12-2018 - 14:29 | |
CVE-2018-10535 | 4.3 |
The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" va
|
03-08-2019 - 13:15 | 29-04-2018 - 15:29 | |
CVE-2018-10372 | 4.3 |
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.
|
03-08-2019 - 13:15 | 25-04-2018 - 09:29 | |
CVE-2018-10534 | 4.3 |
The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the valu
|
03-08-2019 - 13:15 | 29-04-2018 - 15:29 | |
CVE-2018-10373 | 4.3 |
concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file
|
03-08-2019 - 13:15 | 25-04-2018 - 09:29 | |
CVE-2018-1000121 | 5.0 |
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
|
23-07-2019 - 23:15 | 14-03-2018 - 18:29 | |
CVE-2018-1000120 | 7.5 |
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
|
18-06-2019 - 22:15 | 14-03-2018 - 18:29 | |
CVE-2018-12910 | 7.5 |
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
|
08-05-2019 - 18:21 | 05-07-2018 - 18:29 | |
CVE-2019-1003010 | 4.3 |
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build reco
|
26-04-2019 - 14:01 | 06-02-2019 - 16:29 | |
CVE-2018-10768 | 4.3 |
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are no
|
25-04-2019 - 18:38 | 06-05-2018 - 23:29 | |
CVE-2018-16540 | 6.8 |
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
|
25-04-2019 - 14:28 | 05-09-2018 - 18:29 | |
CVE-2018-13988 | 4.3 |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
|
25-04-2019 - 14:16 | 25-07-2018 - 23:29 | |
CVE-2018-19477 | 6.8 |
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
|
25-04-2019 - 13:07 | 23-11-2018 - 05:29 | |
CVE-2018-19476 | 6.8 |
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
|
25-04-2019 - 13:07 | 23-11-2018 - 05:29 | |
CVE-2018-20615 | 5.0 |
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are s
|
25-04-2019 - 12:57 | 21-03-2019 - 16:00 |