Total
4150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14355 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | |||||
| CVE-2019-3464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | |||||
| CVE-2018-20544 | 3 Canonical, Debian, Libcaca Project | 3 Ubuntu Linux, Debian Linux, Libcaca | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. | |||||
| CVE-2018-19477 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | |||||
| CVE-2018-17958 | 4 Canonical, Debian, Qemu and 1 more | 6 Ubuntu Linux, Debian Linux, Qemu and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |||||
| CVE-2018-3056 | 3 Canonical, Netapp, Oracle | 6 Ubuntu Linux, Oncommand Insight, Oncommand Workflow Automation and 3 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2018-14609 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. | |||||
| CVE-2018-14435 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. | |||||
| CVE-2018-20761 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. | |||||
| CVE-2018-15861 | 2 Canonical, Xkbcommon | 3 Ubuntu Linux, Libxkbcommon, Xkbcommon | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. | |||||
| CVE-2019-7663 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | |||||
| CVE-2018-1000852 | 3 Canonical, Fedoraproject, Freerdp | 3 Ubuntu Linux, Fedora, Freerdp | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. | |||||
| CVE-2018-16429 | 2 Canonical, Gnome | 2 Ubuntu Linux, Glib | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). | |||||
| CVE-2019-7397 | 5 Canonical, Debian, Graphicsmagick and 2 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | |||||
| CVE-2018-3058 | 6 Canonical, Debian, Mariadb and 3 more | 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2018-16510 | 2 Artifex, Canonical | 3 Ghostscript, Gpl Ghostscript, Ubuntu Linux | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-5390 | 8 A10networks, Canonical, Cisco and 5 more | 40 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 37 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | |||||
| CVE-2018-20549 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | |||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | |||||
| CVE-2018-14679 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | |||||