Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18354 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page. | |||||
CVE-2018-18521 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. | |||||
CVE-2018-0618 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-8020 | 2 Apache, Debian | 2 Tomcat Native, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 7.4 HIGH |
Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. | |||||
CVE-2019-6956 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | |||||
CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL |
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | |||||
CVE-2018-6095 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. | |||||
CVE-2018-10926 | 4 Debian, Gluster, Opensuse and 1 more | 6 Debian Linux, Glusterfs, Leap and 3 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | |||||
CVE-2019-3498 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a user fails to recognize that a crafted URL has malicious content. | |||||
CVE-2019-5716 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||||
CVE-2018-19542 | 5 Canonical, Debian, Jasper Project and 2 more | 6 Ubuntu Linux, Debian Linux, Jasper and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | |||||
CVE-2018-6083 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | |||||
CVE-2018-6047 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. | |||||
CVE-2018-6151 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. | |||||
CVE-2019-8905 | 4 Canonical, Debian, File Project and 1 more | 4 Ubuntu Linux, Debian Linux, File and 1 more | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||||
CVE-2018-20748 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | |||||
CVE-2018-4180 | 3 Apple, Canonical, Debian | 3 Mac Os X, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. | |||||
CVE-2018-12367 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | |||||
CVE-2019-5766 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2017-6922 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. |