
673 matches found

OSV
added 2018/06/26 4:29 p.m. | 1 views

DEBIAN-CVE-2018-1000517

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been...

CVSS 9.8 | AI score 7.3 | EPSS 0.16054
Exploits 0 | References 1
Vulnrichment
added 2018/06/26 4:0 p.m. | 13 views

CVE-2018-1000517

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been...

AI score 9.6 | EPSS 0.16054
Exploits 0 | References 4
RedHat Linux
added 2018/04/30 4:21 p.m. | 3 views

OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

CVSS 5.3 | AI score 7.3 | EPSS 0.00179
Exploits 0 | References 4
RedHat Linux
added 2018/04/23 5:24 p.m. | 2 views

OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3 | AI score 7.3 | EPSS 0.00179
Exploits 0 | References 4
OSV
added 2018/04/19 2:29 a.m. | 1 views

CVE-2018-2854

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications subcomponent: Portfolio, Attribution. The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 6.1 | AI score 7.3 | EPSS 0.00463
Exploits 0 | References 3
OSV
added 2018/04/19 2:29 a.m. | 1 views

CVE-2018-2795

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker wi...

CVSS 5.3 | AI score 6.7
Exploits 0 | References 28
OSV
added 2018/04/19 2:29 a.m. | 2 views

CVE-2018-2790

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 3.1 | AI score 6.8
Exploits 0 | References 28
Debian CVE
added 2018/04/19 2:0 a.m. | 30 views

CVE-2018-2800

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS 4.2 | AI score 3.7 | EPSS 0.00242
Exploits 0
OSV
added 2018/04/12 3:0 p.m. | 0 views

UBUNTU-CVE-2018-1000168

nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...

CVSS 7.5 | AI score 6.8 | EPSS 0.03388
Exploits 0 | References 3
ICS
added 2018/03/20 12:0 a.m. | 57 views

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 6.5 | AI score 6.7 | EPSS 0.0025
Exploits 0 | References 12
CVE
added 2018/03/14 1:0 p.m. | 125 views

CVE-2018-1000132

CVE-2018-1000132 affects Mercurial 4.5 and earlier, with an Incorrect Access Control (CWE-285) in the Protocol server that can lead to unauthorized data access over the network. The vulnerability is explicitly stated to have been fixed in Mercurial 4.5.1. Connected advisories reference affected p...

CVSS 9.1 | AI score 8.8 | EPSS 0.006
Exploits 0 | References 5 | Affected Software 1
CVE
added 2018/03/13 9:0 p.m. | 212 views

CVE-2018-1000127

The CVE-2018-1000127 issue affects memcached prior to 1.4.37, caused by an Integer Overflow in items.c:item_free() that can lead to data corruption and deadlocks due to reusing hash-table entries from a free list. It is exploitable over the network to the memcached service. The vulnerability is f...

CVSS 7.5 | AI score 7.7 | EPSS 0.01002
Exploits 0 | References 7 | Affected Software 1
OSV
added 2018/03/13 3:29 p.m. | 0 views

DEBIAN-CVE-2018-1000071

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appears to be exploitable via network connectivity...

CVSS 7.5 | AI score 6.8 | EPSS 0.00291
Exploits 1 | References 1
CVE
added 2018/03/13 3:0 p.m. | 59 views

CVE-2018-1000071

Roundcube Webmail

CVSS 7.5 | AI score 7.4 | EPSS 0.00291
Exploits 1 | References 2 | Affected Software 1
OSV
added 2018/03/13 12:0 a.m. | 1 views

UBUNTU-CVE-2018-1000127

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appears to be exploitable via network connectivity to the memcached service...

CVSS 7.5 | AI score 6.9 | EPSS 0.01002
Exploits 0 | References 4
OSV
added 2018/03/07 2:29 p.m. | 1 views

UBUNTU-CVE-2018-1000119

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...

CVSS 5.9 | AI score 6.7 | EPSS 0.00403
Exploits 0 | References 5
OSV
added 2018/01/18 2:29 a.m. | 2 views

CVE-2018-2629

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JGSS. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker...

CVSS 5.3 | AI score 7.3 | EPSS 0.0024
Exploits 0 | References 18
Vulnrichment
added 2018/01/18 2:0 a.m. | 10 views

CVE-2018-2585

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Net. Supported versions that are affected are 6.9.9 and prior and 6.10.4 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MyS...

AI score 6.5 | EPSS 0.07296
Exploits 0 | References 4
RedHat Linux
added 2017/12/12 1:32 p.m. | 3 views

mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Stored Procedure. Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.9 | AI score 7.3 | EPSS 0.00355
Exploits 0 | References 5
CVE
added 2017/11/14 11:0 p.m. | 56 views

CVE-2017-10278

CVE-2017-10278 is a heap overflow in Oracle Tuxedo’s Jolt protocol handling, affecting Oracle Fusion Middleware/Tuxedo components version 11.1.1, 12.1.1, 12.1.3 and 12.2.2. The underlying issue is a lack of proper length-field checks in the JOLT protocol structure, enabling an unauthenticated rem...

CVSS 7 | AI score 6.4 | EPSS 0.01157
Exploits 0 | References 2 | Affected Software 1