Total
8120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | |||||
| CVE-2018-10548 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. | |||||
| CVE-2017-15108 | 2 Debian, Spice-space | 2 Debian Linux, Spice-vdagent | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | |||||
| CVE-2018-7875 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack. | |||||
| CVE-2018-7556 | 2 Debian, Limesurvey | 2 Debian Linux, Limesurvey | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | |||||
| CVE-2017-12374 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition. | |||||
| CVE-2018-10001 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | |||||
| CVE-2018-5183 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
| CVE-2018-7322 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-dcm.c had an infinite loop that was addressed by checking for integer wraparound. | |||||
| CVE-2018-1000120 | 5 Canonical, Debian, Haxx and 2 more | 9 Ubuntu Linux, Debian Linux, Curl and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | |||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-11357 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |||||
| CVE-2016-1000341 | 2 Bouncycastle, Debian | 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. | |||||
| CVE-2018-2799 | 7 Apache, Canonical, Debian and 4 more | 15 Xerces-j, Ubuntu Linux, Debian Linux and 12 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-6791 | 2 Debian, Kde | 2 Debian Linux, Plasma-workspace | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. | |||||
| CVE-2017-12104 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2018-7419 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization. | |||||
| CVE-2018-5096 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox Esr, Thunderbird and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. | |||||
| CVE-2017-12379 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device. | |||||
| CVE-2017-7798 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | |||||