Total
626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3815 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | |||||
| CVE-2018-12387 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | |||||
| CVE-2017-3135 | 4 Debian, Isc, Netapp and 1 more | 10 Debian Linux, Bind, Data Ontap Edge and 7 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. | |||||
| CVE-2018-17961 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-12-10 | 6.8 MEDIUM | 8.6 HIGH |
| Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |||||
| CVE-2016-9577 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | |||||
| CVE-2018-12379 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
| CVE-2018-19477 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | |||||
| CVE-2018-14638 | 2 Fedoraproject, Redhat | 7 389 Directory Server, Enterprise Linux Aus, Enterprise Linux Desktop and 4 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. | |||||
| CVE-2018-18493 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-14624 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. | |||||
| CVE-2017-12173 | 2 Fedoraproject, Redhat | 6 Sssd, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
| It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. | |||||
| CVE-2016-9603 | 4 Citrix, Debian, Qemu and 1 more | 9 Xenserver, Debian Linux, Qemu and 6 more | 2023-12-10 | 9.0 HIGH | 9.9 CRITICAL |
| A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. | |||||
| CVE-2018-17183 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | |||||
| CVE-2018-18397 | 3 Canonical, Linux, Redhat | 10 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 7 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. | |||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | |||||
| CVE-2019-6974 | 5 Canonical, Debian, F5 and 2 more | 24 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 21 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | |||||
| CVE-2018-12395 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |||||
| CVE-2018-10873 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | |||||