Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12102 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
CVE-2018-11743 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | |||||
CVE-2017-0365 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | |||||
CVE-2017-7819 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
CVE-2018-5750 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | |||||
CVE-2018-7286 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection. | |||||
CVE-2018-11439 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. | |||||
CVE-2017-5404 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
CVE-2018-2663 | 6 Canonical, Debian, Hp and 3 more | 16 Ubuntu Linux, Debian Linux, Xp7 Command View and 13 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). | |||||
CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Sssd, Enterprise Linux Desktop and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | |||||
CVE-2017-7809 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2018-10995 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). | |||||
CVE-2018-1123 | 3 Canonical, Debian, Procps-ng Project | 3 Ubuntu Linux, Debian Linux, Procps-ng | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). | |||||
CVE-2018-7254 | 2 Debian, Wavpack | 2 Debian Linux, Wavpack | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. | |||||
CVE-2017-15395 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | |||||
CVE-2017-5464 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-5660 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. | |||||
CVE-2017-14448 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
CVE-2017-15387 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page. | |||||
CVE-2018-9251 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2024-02-04 | 2.6 LOW | 5.3 MEDIUM |
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. |