Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6403 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Iphone Os, Debian Linux, Fedora and 7 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2019-15165 | 7 Apple, Canonical, Debian and 4 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | |||||
CVE-2020-7059 | 5 Debian, Opensuse, Oracle and 2 more | 5 Debian Linux, Leap, Communications Diameter Signaling Router and 2 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. | |||||
CVE-2019-20162 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | |||||
CVE-2019-16710 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | |||||
CVE-2019-19269 | 3 Debian, Fedoraproject, Proftpd | 3 Debian Linux, Fedora, Proftpd | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | |||||
CVE-2018-14461 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). | |||||
CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
TYPO3 before 4.5.4 allows Information Disclosure in the backend. | |||||
CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | |||||
CVE-2019-9433 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 | |||||
CVE-2012-1105 | 3 Apereo, Debian, Fedoraproject | 3 Phpcas, Debian Linux, Fedora | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | |||||
CVE-2007-5743 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. | |||||
CVE-2011-3630 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. | |||||
CVE-2013-1425 | 2 Debian, Ldap Git Backup Project | 2 Debian Linux, Ldap Git Backup | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions. | |||||
CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Mumble: murmur-server has DoS due to malformed client query | |||||
CVE-2020-5208 | 4 Debian, Fedoraproject, Ipmitool Project and 1 more | 4 Debian Linux, Fedora, Ipmitool and 1 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | |||||
CVE-2015-9542 | 3 Canonical, Debian, Freeradius | 3 Ubuntu Linux, Debian Linux, Pam Radius | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | |||||
CVE-2019-18424 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 6.9 MEDIUM | 6.8 MEDIUM |
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. | |||||
CVE-2017-1002201 | 2 Debian, Haml | 2 Debian Linux, Haml | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code. | |||||
CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. |