Total
4173 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8780 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
|
|||||
| CVE-2018-8779 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
|
|||||
| CVE-2018-8778 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
|
|||||
| CVE-2018-8777 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
|
|||||
| CVE-2018-8087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
|
|||||
| CVE-2018-8043 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
|
|||||
| CVE-2018-8034 | 4 Apache, Canonical, Debian and 1 more | 4 Tomcat, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
|
|||||
| CVE-2018-8014 | 5 Apache, Canonical, Debian and 2 more | 9 Tomcat, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
|
|||||
| CVE-2018-8013 | 4 Apache, Canonical, Debian and 1 more | 21 Batik, Ubuntu Linux, Debian Linux and 18 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
|
|||||
| CVE-2018-7995 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.7 MEDIUM | 4.7 MEDIUM |
|
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant
|
|||||
| CVE-2018-7858 | 4 Canonical, Opensuse, Qemu and 1 more | 9 Ubuntu Linux, Leap, Qemu and 6 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.
|
|||||
| CVE-2018-7755 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
|
|||||
| CVE-2018-7752 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
|
|||||
| CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
|
|||||
| CVE-2018-7731 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class.
|
|||||
| CVE-2018-7730 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
|
|||||
| CVE-2018-7729 | 2 Canonical, Exempi Project | 2 Ubuntu Linux, Exempi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.
|
|||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp.
|
|||||
| CVE-2018-7584 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.
|
|||||
| CVE-2018-7566 | 6 Canonical, Debian, Linux and 3 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
|
|||||
| CVE-2018-7550 | 4 Canonical, Debian, Qemu and 1 more | 9 Ubuntu Linux, Debian Linux, Qemu and 6 more | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
|
|||||
| CVE-2018-7549 | 3 Canonical, Redhat, Zsh | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
|
|||||
| CVE-2018-7548 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
|
|||||
| CVE-2018-7537 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
|
|||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
|
|||||
| CVE-2018-7492 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
|
|||||
| CVE-2018-7480 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
|
|||||
| CVE-2018-7456 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
|
|||||
| CVE-2018-7443 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
|
|||||
| CVE-2018-7253 | 3 Canonical, Debian, Wavpack | 3 Ubuntu Linux, Debian Linux, Wavpack | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
|
|||||
| CVE-2018-7225 | 4 Canonical, Debian, Libvncserver Project and 1 more | 9 Ubuntu Linux, Debian Linux, Libvncserver and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
|
|||||
| CVE-2018-7183 | 4 Canonical, Freebsd, Netapp and 1 more | 4 Ubuntu Linux, Freebsd, Element Software and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
|
|||||
| CVE-2018-7182 | 3 Canonical, Netapp, Ntp | 3 Ubuntu Linux, Element Software, Ntp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
|
|||||
| CVE-2018-7073 | 2 Canonical, Hp | 2 Ubuntu Linux, Moonshot Provisioning Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
|
|||||
| CVE-2018-7054 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191.
|
|||||
| CVE-2018-7053 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
|
|||||
| CVE-2018-7052 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
|
|||||
| CVE-2018-7051 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
|
|||||
| CVE-2018-7050 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
|
|||||
| CVE-2018-6951 | 2 Canonical, Gnu | 2 Ubuntu Linux, Patch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
|
|||||