Security Vulnerabilities - CVEs Published In 2018
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
CVSS Score
9.8
EPSS Score
0.908
Published
2018-12-05
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-12-05
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CVSS Score
6.1
EPSS Score
0.067
Published
2018-12-05
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-05
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of sensitive system files.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-12-05
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
CVSS Score
8.4
EPSS Score
0.003
Published
2018-12-05
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.
CVSS Score
3.7
EPSS Score
0.001
Published
2018-12-05
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.
CVSS Score
4.0
EPSS Score
0.0
Published
2018-12-05
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-12-05
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-12-05