Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-2579 | 6 Canonical, Debian, Hp and 3 more | 16 Ubuntu Linux, Debian Linux, Xp7 Command View and 13 more | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
CVE-2017-12863 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | |||||
CVE-2016-6797 | 6 Apache, Canonical, Debian and 3 more | 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. | |||||
CVE-2017-9835 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | |||||
CVE-2017-4967 | 3 Debian, Pivotal Software, Vmware | 3 Debian Linux, Rabbitmq, Rabbitmq | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | |||||
CVE-2017-2896 | 2 Debian, Libxls Project | 2 Debian Linux, Libxls | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | |||||
CVE-2017-9612 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-3641 | 4 Debian, Mariadb, Oracle and 1 more | 10 Debian Linux, Mariadb, Mysql and 7 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2017-13139 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | |||||
CVE-2017-13723 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | |||||
CVE-2017-9739 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | |||||
CVE-2018-0486 | 2 Debian, Shibboleth | 2 Debian Linux, Xmltooling-c | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. | |||||
CVE-2017-2870 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | |||||
CVE-2017-8823 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | |||||
CVE-2017-1000229 | 2 Debian, Optipng Project | 2 Debian Linux, Optipng | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | |||||
CVE-2017-17854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | |||||
CVE-2017-12937 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||||
CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. |