Search
Total
6831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12105 | 2 Blender, Debian | 2 Blender, Debian Linux | 2019-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2018-1000801 | 2 Debian, Kde | 2 Debian Linux, Okular | 2019-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | |||||
| CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-20 | 2.1 LOW | 5.5 MEDIUM |
| The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | |||||
| CVE-2018-1000098 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2019-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. | |||||
| CVE-2018-10124 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-20 | 2.1 LOW | 5.5 MEDIUM |
| The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | |||||
| CVE-2018-1000085 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2019-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. | |||||
| CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-20 | 6.8 MEDIUM | 7.8 HIGH |
| libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | |||||
| CVE-2017-14136 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2019-03-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. | |||||
| CVE-2017-5208 | 3 Debian, Icoutils Project, Redhat | 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more | 2019-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | |||||
| CVE-2017-5204 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | |||||
| CVE-2017-5202 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||||
| CVE-2017-5205 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | |||||
| CVE-2017-5610 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | |||||
| CVE-2017-5203 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | |||||
| CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | |||||
| CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||||
| CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||
| CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2019-03-19 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | |||||
| CVE-2017-5194 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | |||||
| CVE-2017-5193 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | |||||
| CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-03-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | |||||
| CVE-2017-8849 | 2 Debian, Smb4k Project | 2 Debian Linux, Smb4k | 2019-03-18 | 7.2 HIGH | 7.8 HIGH |
| smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. | |||||
| CVE-2017-18241 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | |||||
| CVE-2017-5356 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | |||||
| CVE-2017-9061 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | |||||
| CVE-2017-9063 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | |||||
| CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 6.8 MEDIUM | 8.8 HIGH |
| In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | |||||
| CVE-2017-9065 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | |||||
| CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||||
| CVE-2018-0494 | 4 Canonical, Debian, Gnu and 1 more | 6 Ubuntu Linux, Debian Linux, Wget and 3 more | 2019-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | |||||
| CVE-2017-9469 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. | |||||
| CVE-2017-9468 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | |||||
| CVE-2018-0492 | 2 Beep Project, Debian | 2 Beep, Debian Linux | 2019-03-14 | 4.4 MEDIUM | 7.0 HIGH |
| Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | |||||
| CVE-2017-15565 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | |||||
| CVE-2018-1000037 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | |||||
| CVE-2018-1000069 | 2 Debian, Freeplane | 2 Debian Linux, Freeplane | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. | |||||
| CVE-2018-1000051 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-14 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | |||||
| CVE-2018-1000040 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | |||||
| CVE-2017-15577 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | |||||
| CVE-2017-15723 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | |||||
| CVE-2017-15721 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | |||||
| CVE-2017-15576 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2017-15572 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | |||||
| CVE-2017-15568 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. | |||||
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | |||||
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||||
| CVE-2017-15571 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | |||||