Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19617 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | |||||
CVE-2019-20446 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially. | |||||
CVE-2019-2981 | 4 Debian, Netapp, Oracle and 1 more | 12 Debian Linux, E-series Santricity Os Controller, E-series Santricity Storage Manager and 9 more | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2019-19066 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. | |||||
CVE-2012-4428 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
openslp: SLPIntersectStringList()' Function has a DoS vulnerability | |||||
CVE-2019-17670 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | |||||
CVE-2019-14864 | 3 Debian, Opensuse, Redhat | 8 Debian Linux, Backports Sle, Leap and 5 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | |||||
CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
Orca has arbitrary code execution due to insecure Python module load | |||||
CVE-2018-14462 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). | |||||
CVE-2020-6393 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
CVE-2019-20041 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | |||||
CVE-2019-3467 | 3 Canonical, Debian, Skolelinux | 4 Ubuntu Linux, Debian-lan-config, Debian Linux and 1 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals. | |||||
CVE-2020-6377 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | |||||
CVE-2019-19956 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | |||||
CVE-2019-19906 | 8 Apache, Apple, Canonical and 5 more | 20 Bookkeeper, Ipados, Iphone Os and 17 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. | |||||
CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
CVE-2018-14469 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). | |||||
CVE-2019-19056 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932. |