CVE-2018-10982
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
Source: CVE-2018-10982
CVE-2018-1118
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
Source: CVE-2018-1118
CVE-2018-3649
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel’s wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
Source: CVE-2018-3649
CVE-2018-3617
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 do not properly ensure constant execution time.
Source: CVE-2018-3617
CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
Source: CVE-2018-10981
CVE-2018-3612
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
Source: CVE-2018-3612
CVE-2018-1115
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn’t follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
Source: CVE-2018-1115
CVE-2018-10973
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _value parameters.
Source: CVE-2018-10973
CVE-2018-10706
An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.
Source: CVE-2018-10706
CVE-2018-10975
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.
Source: CVE-2018-10975