Total
1926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10879 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2023-12-10 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | |||||
| CVE-2018-10877 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. | |||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2018-16862 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. | |||||
| CVE-2018-18312 | 5 Canonical, Debian, Netapp and 2 more | 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-14642 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Undertow | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2017-12150 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | |||||
| CVE-2018-16395 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | |||||
| CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
| png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||||
| CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2023-12-10 | 4.8 MEDIUM | 7.1 HIGH |
| An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
| CVE-2018-10933 | 6 Canonical, Debian, Libssh and 3 more | 9 Ubuntu Linux, Debian Linux, Libssh and 6 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. | |||||
| CVE-2018-14622 | 4 Canonical, Debian, Libtirpc Project and 1 more | 8 Ubuntu Linux, Debian Linux, Libtirpc and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. | |||||
| CVE-2019-2531 | 4 Canonical, Netapp, Oracle and 1 more | 11 Ubuntu Linux, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-2623 | 2 Redhat, Rpm-ostree | 3 Enterprise Linux, Rpm-ostree, Rpm-ostree-client | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default. | |||||
| CVE-2018-16540 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2019-2510 | 5 Canonical, Mariadb, Netapp and 2 more | 11 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 8 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-1002200 | 3 Codehaus-plexus, Debian, Redhat | 5 Plexus-archiver, Debian Linux, Enterprise Linux and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | |||||
| CVE-2019-2529 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-8989 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso, Windows and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. | |||||