Total
8819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14395 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. | |||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||||
| CVE-2019-9210 | 4 Advancemame, Canonical, Debian and 1 more | 4 Advancecomp, Ubuntu Linux, Debian Linux and 1 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | |||||
| CVE-2018-16646 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | |||||
| CVE-2017-15412 | 4 Debian, Google, Redhat and 1 more | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Banking Platform and 9 more | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | |||||
| CVE-2019-7164 | 5 Debian, Opensuse, Oracle and 2 more | 9 Debian Linux, Backports Sle, Leap and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | |||||
| CVE-2018-6065 | 4 Debian, Google, Mi and 1 more | 6 Debian Linux, Chrome, Mi6 Browser and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-17467 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-8942 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. | |||||
| CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | |||||
| CVE-2018-6158 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
| A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-20023 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | |||||
| CVE-2018-15587 | 2 Debian, Gnome | 2 Debian Linux, Evolution | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | |||||
| CVE-2016-10741 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 4.7 MEDIUM | 4.7 MEDIUM |
| In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | |||||
| CVE-2018-16866 | 5 Canonical, Debian, Netapp and 2 more | 21 Ubuntu Linux, Debian Linux, Active Iq Performance Analytics Services and 18 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. | |||||
| CVE-2018-1000878 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
| CVE-2018-1160 | 3 Debian, Netatalk, Synology | 7 Debian Linux, Netatalk, Diskstation Manager and 4 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | |||||
| CVE-2019-7150 | 5 Canonical, Debian, Elfutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Elfutils and 8 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack. | |||||
| CVE-2018-6123 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||