Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-02-04 | 2.1 LOW | 7.8 HIGH |
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | |||||
CVE-2019-19813 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. | |||||
CVE-2014-8561 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
imagemagick 6.8.9.6 has remote DOS via infinite loop | |||||
CVE-2019-5188 | 6 Canonical, Debian, E2fsprogs Project and 3 more | 8 Ubuntu Linux, Debian Linux, E2fsprogs and 5 more | 2024-02-04 | 4.4 MEDIUM | 6.7 MEDIUM |
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
CVE-2011-3374 | 1 Debian | 2 Advanced Package Tool, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | |||||
CVE-2010-5108 | 2 Debian, Edgewall | 2 Debian Linux, Trac | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | |||||
CVE-2019-18423 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 8.5 HIGH | 8.8 HIGH |
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected. | |||||
CVE-2020-5312 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |||||
CVE-2020-8492 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | |||||
CVE-2020-6408 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. | |||||
CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | |||||
CVE-2019-15166 | 8 Apple, Canonical, Debian and 5 more | 10 Mac Os X, Ubuntu Linux, Debian Linux and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | |||||
CVE-2019-18281 | 2 Debian, Qt | 2 Debian Linux, Qtbase | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing many directional characters. | |||||
CVE-2019-16711 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | |||||
CVE-2019-13627 | 4 Canonical, Debian, Libgcrypt20 Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libgcrypt20 and 1 more | 2024-02-04 | 2.6 LOW | 6.3 MEDIUM |
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. | |||||
CVE-2018-16229 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). | |||||
CVE-2013-4412 | 3 Berlios, Debian, Gnu | 3 Slim, Debian Linux, Glibc | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
slim has NULL pointer dereference when using crypt() method from glibc 2.17 | |||||
CVE-2019-18928 | 3 Cyrus, Debian, Fedoraproject | 3 Imap, Debian Linux, Fedora | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. | |||||
CVE-2019-2992 | 6 Canonical, Debian, Netapp and 3 more | 19 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 16 more | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2011-3618 | 2 Atop Project, Debian | 2 Atop, Debian Linux | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
atop: symlink attack possible due to insecure tempfile handling |