Total
8852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12186 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12185 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12184 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12183 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12182 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12181 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12180 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12179 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12178 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12177 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12176 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
| CVE-2017-12153 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 4.4 MEDIUM |
| A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | |||||
| CVE-2017-12151 | 4 Debian, Hp, Redhat and 1 more | 8 Debian Linux, Cifs Server, Enterprise Linux and 5 more | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | |||||
| CVE-2017-0926 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. | |||||
| CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 4.0 MEDIUM | 7.2 HIGH |
| Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | |||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
| CVE-2017-0917 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting. | |||||
| CVE-2017-0916 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | |||||
| CVE-2017-0915 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | |||||
| CVE-2017-0903 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. | |||||