Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12378 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device. | |||||
CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
CVE-2017-6888 | 3 Debian, Fedoraproject, Flac Project | 3 Debian Linux, Fedora, Flac | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | |||||
CVE-2017-7784 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | |||||
CVE-2018-1066 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | |||||
CVE-2018-10850 | 3 Debian, Fedoraproject, Redhat | 9 Debian Linux, 389 Directory Server, Enterprise Linux and 6 more | 2024-02-04 | 7.1 HIGH | 5.9 MEDIUM |
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | |||||
CVE-2017-12180 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2017-18271 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | |||||
CVE-2017-18236 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. | |||||
CVE-2018-1270 | 4 Debian, Oracle, Redhat and 1 more | 28 Debian Linux, Application Testing Suite, Big Data Discovery and 25 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. | |||||
CVE-2018-7335 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 dissector could crash. This was addressed in epan/crypt/airpdcap.c by rejecting lengths that are too small. | |||||
CVE-2018-1000085 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. | |||||
CVE-2017-0359 | 2 Debian, Reproducible Builds | 2 Debian Linux, Diffoscope | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | |||||
CVE-2018-7869 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack. | |||||
CVE-2018-1000116 | 2 Debian, Net-snmp | 2 Debian Linux, Net-snmp | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | |||||
CVE-2017-0369 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it. | |||||
CVE-2017-5396 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
CVE-2018-0492 | 2 Beep Project, Debian | 2 Beep, Debian Linux | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | |||||
CVE-2018-7480 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. |