Total
10000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
|
|||||
| CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
|
|||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
|
|||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
|
|||||
| CVE-2018-5819 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
|
|||||
| CVE-2018-5818 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
|
|||||
| CVE-2018-5817 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
|
|||||
| CVE-2018-5814 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
|
|||||
| CVE-2018-5808 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
|
|||||
| CVE-2018-5803 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
|
|||||
| CVE-2018-5802 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
|
|||||
| CVE-2018-5801 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
|
|||||
| CVE-2018-5800 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
|
|||||
| CVE-2018-5786 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
|
|||||
| CVE-2018-5785 | 3 Canonical, Debian, Uclouvain | 3 Ubuntu Linux, Debian Linux, Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
|
|||||
| CVE-2018-5784 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
|
|||||
| CVE-2018-5764 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
|
|||||
| CVE-2018-5750 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
|
|||||
| CVE-2018-5748 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
|
|||||
| CVE-2018-5747 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
|
|||||
| CVE-2018-5740 | 7 Canonical, Debian, Hp and 4 more | 11 Ubuntu Linux, Debian Linux, Hp-ux and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
|
|||||
| CVE-2018-5735 | 1 Debian | 1 Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected.
|
|||||
| CVE-2018-5712 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
|
|||||
| CVE-2018-5711 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
|
|||||
| CVE-2018-5704 | 2 Debian, Openocd | 2 Debian Linux, Open On-chip Debugger | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
|
|||||
| CVE-2018-5702 | 2 Debian, Transmissionbt | 2 Debian Linux, Transmission | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
|
|||||
| CVE-2018-5686 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
|
|||||
| CVE-2018-5685 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
|
|||||
| CVE-2018-5683 | 4 Canonical, Debian, Qemu and 1 more | 9 Ubuntu Linux, Debian Linux, Qemu and 6 more | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
|
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
|
|||||
| CVE-2018-5407 | 7 Canonical, Debian, Nodejs and 4 more | 20 Ubuntu Linux, Debian Linux, Node.js and 17 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
|
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
|
|||||
| CVE-2018-5391 | 7 Canonical, Debian, F5 and 4 more | 73 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 70 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
|
|||||
| CVE-2018-5390 | 8 A10networks, Canonical, Cisco and 5 more | 40 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 37 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
|
|||||
| CVE-2018-5388 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
|
|||||
| CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
|
|||||
| CVE-2018-5380 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
|
|||||
| CVE-2018-5379 | 5 Canonical, Debian, Quagga and 2 more | 10 Ubuntu Linux, Debian Linux, Quagga and 7 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
|
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
|
|||||
| CVE-2018-5378 | 3 Canonical, Debian, Quagga | 3 Ubuntu Linux, Debian Linux, Quagga | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
|
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
|
|||||
| CVE-2018-5345 | 5 Canonical, Debian, Fedoraproject and 2 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
|
|||||
| CVE-2018-5336 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
|
|||||
| CVE-2018-5335 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
|
|||||