| Max CVSS | 7.2 | Min CVSS | 4.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-10901 | 7.2 |
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious
|
24-02-2023 - 18:43 | 26-07-2018 - 17:29 | |
| CVE-2018-10902 | 4.6 |
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
|
12-02-2023 - 23:31 | 21-08-2018 - 19:29 | |
| CVE-2018-10904 | 6.5 |
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exp
|
22-04-2022 - 18:55 | 04-09-2018 - 13:29 | |
| CVE-2018-10907 | 6.5 |
It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume
|
16-12-2021 - 18:49 | 04-09-2018 - 13:29 | |
| CVE-2018-10903 | 5.0 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an
|
04-08-2021 - 17:14 | 30-07-2018 - 16:29 | |
| CVE-2018-10900 | 7.2 |
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an
|
04-12-2020 - 18:15 | 26-07-2018 - 15:29 | |
| CVE-2018-1090 | 5.0 |
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
|
09-10-2019 - 23:38 | 18-06-2018 - 14:29 | |
| CVE-2018-10908 | 7.1 |
It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, ca
|
09-10-2019 - 23:33 | 09-08-2018 - 19:29 | |
| CVE-2018-10905 | 7.2 |
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
|
09-10-2019 - 23:33 | 24-07-2018 - 13:29 | |
| CVE-2018-10906 | 4.6 |
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
|
03-10-2019 - 00:03 | 24-07-2018 - 20:29 |