58851 matches found
CVE-2018-19395
Removed by vendor...
CVE-2018-17960
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste...
CVE-2018-19045
keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information...
CVE-2018-15687
A race condition in chownone of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239...
CVE-2018-12362
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 SSSE3 scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox 61...
CVE-2018-12365
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...
CVE-2018-18445
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjustscalarminmaxvals in kernel/bpf/verifier.c mishandles 32-bit right shifts...
CVE-2018-3169
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2018-3214
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-16750
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found...
CVE-2018-16403
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarfgetabbrev in dwarfgetabbrev.c and dwarfhasattr in dwarfhasattr.c, leading to a heap-based buffer over-read and an application crash...
CVE-2018-8004
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server ATS. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users...
CVE-2017-15396
Removed by vendor...
CVE-2018-15572
The spectrev2selectmitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks...
CVE-2018-6553
The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to...
CVE-2018-14435
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c...
CVE-2018-7167
Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...
CVE-2018-1000200
The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory OOM killing of large mlocked processes. The issue arises from an oom killed process's final thread calling exitmmap, which calls munlockvmapagesall for mlocked vmas.This can happen...
CVE-2018-11251
In ImageMagick 7.0.7-23 Q16 x8664 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service application crash in SetGrayscaleImage in MagickCore/quantize.c via a crafted SUN image file...
CVE-2017-0366
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration...
CVE-2017-18250
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file...
CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage...
CVE-2018-7170
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...
CVE-2018-7492
A NULL pointer dereference was found in the net/rds/rdma.c rdsrdmamap function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDSGETMR and RDSGETMRFORDEST...
CVE-2018-1049
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to...
CVE-2018-6952
A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6...
CVE-2018-5750
The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...
CVE-2018-2634
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JGSS. Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2018-5247
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c...
CVE-2017-17885
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file...
CVE-2017-17864
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles statesequal comparisons between the pointer data type and the UNKNOWNVALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...
CVE-2017-17807
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the requestkey system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search...
CVE-2017-17741
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a writemmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h...
CVE-2017-17499
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp...
CVE-2017-1000410
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...
CVE-2017-16939
The XFRM dump policy implementation in net/xfrm/xfrmuser.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service use-after-free via a crafted SORCVBUF setsockopt system call in conjunction with XFRMMSGGETPOLICY Netlink messages...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16882
Removed by vendor...
CVE-2017-16645
The imspcugetcdcuniondesc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service imspcuparsecdcdata out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...
CVE-2017-16538
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service general protection fault and system crash or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timin...
CVE-2017-16228
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...
CVE-2017-15906
The processopen function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files...
CVE-2017-1000099
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user stdout or the application's provide callback, which could lead to other private data from the heap to...
CVE-2017-12616
Removed by vendor...
CVE-2017-14174
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over...
CVE-2017-3735
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g...
CVE-2017-13142
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files...
CVE-2017-13141
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c...
CVE-2017-13146
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c...
CVE-2017-13058
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file...