Total
1910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | |||||
| CVE-2017-1000366 | 8 Debian, Gnu, Mcafee and 5 more | 20 Debian Linux, Glibc, Web Gateway and 17 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | |||||
| CVE-2017-1000251 | 4 Debian, Linux, Nvidia and 1 more | 10 Debian Linux, Linux Kernel, Jetson Tk1 and 7 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | |||||
| CVE-2017-1000116 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |||||
| CVE-2017-1000115 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | |||||
| CVE-2017-1000111 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. | |||||
| CVE-2017-1000083 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Evince, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | |||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2017-0903 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. | |||||
| CVE-2017-0902 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | |||||
| CVE-2017-0901 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||||
| CVE-2017-0900 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |||||
| CVE-2017-0899 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | |||||
| CVE-2016-9905 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | |||||
| CVE-2016-9904 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9902 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Enterprise Linux Desktop and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | |||||
| CVE-2016-9901 | 2 Mozilla, Redhat | 7 Firefox, Firefox Esr, Enterprise Linux Aus and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | |||||
| CVE-2016-9900 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9899 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9898 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||