Total
87 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20430 | 1 Lustre | 1 Lustre | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. | |||||
| CVE-2019-9946 | 3 Cncf, Kubernetes, Netapp | 3 Portmap, Kubernetes, Cloud Insights | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. | |||||
| CVE-2019-11412 | 2 Artifex, Fedoraproject | 2 Mujs, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. | |||||
| CVE-2018-19058 | 4 Canonical, Debian, Freedesktop and 1 more | 6 Ubuntu Linux, Debian Linux, Poppler and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2018-19212 | 1 Webmproject | 1 Libwebm | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. | |||||
| CVE-2018-16766 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. | |||||
| CVE-2017-0604 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589. | |||||