Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19478 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | |||||
CVE-2018-6089 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. | |||||
CVE-2018-12086 | 2 Debian, Opcfoundation | 5 Debian Linux, Unified Architecture-.net-legacy, Unified Architecture-java and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |||||
CVE-2018-14682 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | |||||
CVE-2018-20196 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. | |||||
CVE-2018-16839 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | |||||
CVE-2018-19497 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | |||||
CVE-2018-18520 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file. | |||||
CVE-2018-6110 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page. | |||||
CVE-2018-18313 | 6 Apple, Canonical, Debian and 3 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | |||||
CVE-2018-18355 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | |||||
CVE-2019-7398 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | |||||
CVE-2018-3070 | 4 Canonical, Debian, Netapp and 1 more | 7 Ubuntu Linux, Debian Linux, Oncommand Insight and 4 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2018-12365 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
CVE-2019-7665 | 5 Canonical, Debian, Elfutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes. | |||||
CVE-2018-5407 | 7 Canonical, Debian, Nodejs and 4 more | 20 Ubuntu Linux, Debian Linux, Node.js and 17 more | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | |||||
CVE-2018-10879 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-02-04 | 6.1 MEDIUM | 7.8 HIGH |
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | |||||
CVE-2018-6067 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. |