Total
8669 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12617 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | |||||
| CVE-2018-12601 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-12600 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2018-12599 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2018-12584 | 2 Debian, Resiprocate | 2 Debian Linux, Resiprocate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled. | |||||
| CVE-2018-12565 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | |||||
| CVE-2018-12564 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | |||||
| CVE-2018-12495 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2018-12458 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2018-12396 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2018-12395 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2018-12393 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3. | |||||
| CVE-2018-12385 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. | |||||
| CVE-2018-12383 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1. | |||||
| CVE-2018-12374 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9. | |||||
| CVE-2018-12373 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | |||||
| CVE-2018-12372 | 4 Canonical, Debian, Mozilla and 1 more | 7 Ubuntu Linux, Debian Linux, Thunderbird and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | |||||
| CVE-2018-12366 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-12365 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||