Total: 8120 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13764 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-6406 | 5 Debian, Fedoraproject, Google and 2 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
kde-workspace before 4.10.5 has a memory leak in plasma desktop | |||||
CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
offlineimap before 6.3.2 does not perform SSL server certificate validation when the "ssl = yes" option is specified, which can allow man-in-the-middle attacks. | |||||
CVE-2019-9278 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-112537774 | |||||
CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | |||||
CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | |||||
CVE-2020-8840 | 5 Debian, Fasterxml, Huawei and 2 more | 9 Debian Linux, Jackson-databind, Oceanstor 9000 and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | |||||
CVE-2019-12528 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. | |||||
CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
v86d before 0.1.10 does not verify whether received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode, with potentially other consequences. | |||||
CVE-2014-8161 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | |||||
CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services is managed. | |||||
CVE-2019-2949 | 4 Debian, Netapp, Oracle and 1 more | 12 Debian Linux, E-series Santricity Os Controller, E-series Santricity Storage Manager and 9 more | 2024-02-04 | 4.3 MEDIUM | 6.8 MEDIUM |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
CVE-2019-18603 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. | |||||
CVE-2019-17340 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-04 | 6.1 MEDIUM | 8.8 HIGH |
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | |||||
CVE-2020-9402 | 5 Canonical, Debian, Djangoproject and 2 more | 5 Ubuntu Linux, Debian Linux, Django and 2 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | |||||
CVE-2020-6415 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-9232 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122675483 |