Total
1916 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14399 | 4 Canonical, Debian, Libvncserver Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2024-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. | |||||
| CVE-2019-9675 | 3 Canonical, Opensuse, Php | 3 Ubuntu Linux, Leap, Php | 2024-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible. | |||||
| CVE-2019-8341 | 2 Opensuse, Pocoo | 2 Leap, Jinja2 | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing | |||||
| CVE-2019-19067 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-05-17 | 4.9 MEDIUM | 4.4 MEDIUM |
| Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading | |||||
| CVE-2019-19046 | 3 Fedoraproject, Linux, Opensuse | 3 Fedora, Linux Kernel, Leap | 2024-05-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time | |||||
| CVE-2019-12904 | 2 Gnupg, Opensuse | 2 Libgcrypt, Leap | 2024-05-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack | |||||
| CVE-2017-16232 | 3 Libtiff, Opensuse, Suse | 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more | 2024-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | |||||
| CVE-2019-17069 | 3 Netapp, Opensuse, Putty | 3 Oncommand Unified Manager Core Package, Leap, Putty | 2024-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | |||||
| CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 29 Eos, Ubuntu Linux, Debian Linux and 26 more | 2024-04-24 | 10.0 HIGH | 9.8 CRITICAL |
| The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | |||||
| CVE-2018-14553 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-04-07 | 4.3 MEDIUM | 7.5 HIGH |
| gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled). | |||||
| CVE-2020-25637 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2024-04-01 | 7.2 HIGH | 6.7 MEDIUM |
| A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-5496 | 2 Fontforge, Opensuse | 2 Fontforge, Leap | 2024-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | |||||
| CVE-2020-5395 | 3 Fedoraproject, Fontforge, Opensuse | 3 Fedora, Fontforge, Leap | 2024-03-08 | 6.8 MEDIUM | 8.8 HIGH |
| FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | |||||
| CVE-2019-5737 | 2 Nodejs, Opensuse | 2 Node.js, Leap | 2024-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. | |||||
| CVE-2019-15606 | 5 Debian, Nodejs, Opensuse and 2 more | 7 Debian Linux, Node.js, Leap and 4 more | 2024-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | |||||
| CVE-2019-15605 | 6 Debian, Fedoraproject, Nodejs and 3 more | 13 Debian Linux, Fedora, Node.js and 10 more | 2024-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | |||||
| CVE-2019-15604 | 5 Debian, Nodejs, Opensuse and 2 more | 10 Debian Linux, Node.js, Leap and 7 more | 2024-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | |||||
| CVE-2017-18595 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-03-07 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | |||||
| CVE-2016-2107 | 8 Canonical, Debian, Google and 5 more | 15 Ubuntu Linux, Debian Linux, Android and 12 more | 2024-02-16 | 2.6 LOW | 5.9 MEDIUM |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | |||||
| CVE-2019-14821 | 8 Canonical, Debian, Fedoraproject and 5 more | 38 Ubuntu Linux, Debian Linux, Fedora and 35 more | 2024-02-16 | 7.2 HIGH | 8.8 HIGH |
| An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. | |||||