Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2018-1000199 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f. | |||||
| CVE-2018-1000156 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Patch and 6 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | |||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | |||||
| CVE-2018-1000007 | 5 Canonical, Debian, Fujitsu and 2 more | 20 Ubuntu Linux, Debian Linux, M10-1 and 17 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. | |||||
| CVE-2018-1000001 | 3 Canonical, Gnu, Redhat | 9 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | |||||
| CVE-2017-9788 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Debian Linux and 13 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |||||
| CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2017-9775 | 3 Debian, Freedesktop, Redhat | 8 Debian Linux, Poppler, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | |||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||||
| CVE-2017-9461 | 3 Debian, Redhat, Samba | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | |||||
| CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | |||||
| CVE-2017-7848 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | |||||
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux Desktop and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | |||||
| CVE-2017-7843 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. | |||||
| CVE-2017-7830 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2017-7828 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2017-7826 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | |||||
| CVE-2017-7823 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7819 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||