| 2018-07-03 | CVE-2018-13100 | Divide By Zero vulnerability in multiple products
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | 5.5 |
| 2018-07-03 | CVE-2018-13099 | Out-of-bounds Read vulnerability in multiple products
An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. | 5.5 |
| 2018-07-03 | CVE-2018-13096 | Out-of-bounds Write vulnerability in multiple products
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. | 5.5 |
| 2018-07-03 | CVE-2018-10855 | Information Exposure Through Log Files vulnerability in multiple products
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. | 5.9 |
| 2018-07-02 | CVE-2018-12896 | Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.3. | 5.5 |
| 2018-07-02 | CVE-2018-12893 | An issue was discovered in Xen through 4.10.x. | 6.5 |
| 2018-07-02 | CVE-2018-12891 | An issue was discovered in Xen through 4.10.x. | 6.5 |
| 2018-06-26 | CVE-2018-1000528 | Cross-site Scripting vulnerability in multiple products
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. | 6.1 |
| 2018-06-26 | CVE-2018-1000204 | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. | 5.3 |
| 2018-06-25 | CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | 5.9 |