Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0034 | 2 Debian, Google | 2 Debian Linux, Android | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 | |||||
CVE-2019-20163 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | |||||
CVE-2020-9369 | 3 Debian, Fedoraproject, Sympa | 3 Debian Linux, Fedora, Sympa | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. | |||||
CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
rc before 1.7.1-5 insecurely creates temporary files. | |||||
CVE-2010-3844 | 2 Debian, Ettercap-project | 2 Debian Linux, Ettercap | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | |||||
CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
CVE-2012-2237 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile. | |||||
CVE-2019-17017 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
CVE-2019-19947 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | |||||
CVE-2019-10220 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | |||||
CVE-2011-4350 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request. | |||||
CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | |||||
CVE-2019-18197 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. | |||||
CVE-2019-17361 | 3 Debian, Opensuse, Saltstack | 3 Debian Linux, Leap, Salt | 2024-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | |||||
CVE-2015-0243 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | |||||
CVE-2019-19951 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | |||||
CVE-2013-4584 | 2 Debian, Horms | 2 Debian Linux, Perdition | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections | |||||
CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | |||||
CVE-2020-9430 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field. |