Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | |||||
CVE-2018-10845 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. | |||||
CVE-2018-6073 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
CVE-2019-6111 | 10 Apache, Canonical, Debian and 7 more | 27 Mina Sshd, Ubuntu Linux, Debian Linux and 24 more | 2024-02-04 | 5.8 MEDIUM | 5.9 MEDIUM |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | |||||
CVE-2018-6048 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. | |||||
CVE-2018-5188 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-02-04 | 4.8 MEDIUM | 7.1 HIGH |
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
CVE-2017-7558 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. | |||||
CVE-2018-16741 | 2 Debian, Mgetty Project | 2 Debian Linux, Mgetty | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command. | |||||
CVE-2018-14363 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||||
CVE-2018-19758 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | |||||
CVE-2019-3823 | 5 Canonical, Debian, Haxx and 2 more | 7 Ubuntu Linux, Debian Linux, Libcurl and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. | |||||
CVE-2018-15587 | 2 Debian, Gnome | 2 Debian Linux, Evolution | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | |||||
CVE-2018-14734 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 6.1 MEDIUM | 7.8 HIGH |
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | |||||
CVE-2018-19970 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | |||||
CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
CVE-2018-14347 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | |||||
CVE-2018-16335 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | |||||
CVE-2019-6133 | 4 Canonical, Debian, Polkit Project and 1 more | 9 Ubuntu Linux, Debian Linux, Polkit and 6 more | 2024-02-04 | 4.4 MEDIUM | 6.7 MEDIUM |
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. | |||||
CVE-2018-20546 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. |