Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9892 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. | |||||
CVE-2019-15807 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-04 | 4.7 MEDIUM | 4.7 MEDIUM |
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. | |||||
CVE-2018-20175 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||||
CVE-2019-9639 | 6 Canonical, Debian, Netapp and 3 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | |||||
CVE-2019-13115 | 5 Debian, F5, Fedoraproject and 2 more | 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. | |||||
CVE-2019-12817 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | |||||
CVE-2019-1010301 | 3 Debian, Fedoraproject, Jhead Project | 3 Debian Linux, Fedora, Jhead | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file. | |||||
CVE-2019-9948 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | |||||
CVE-2019-13304 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. | |||||
CVE-2019-5810 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2019-13458 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords. | |||||
CVE-2018-20182 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||||
CVE-2019-7221 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | |||||
CVE-2019-16236 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | |||||
CVE-2019-11730 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | |||||
CVE-2019-5419 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | |||||
CVE-2019-5837 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2018-6032 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. | |||||
CVE-2018-16862 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. | |||||
CVE-2018-6034 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |