Total
1845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1508 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | |||||
| CVE-2014-1510 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | |||||
| CVE-2012-1798 | 4 Debian, Imagemagick, Opensuse and 1 more | 10 Debian Linux, Imagemagick, Opensuse and 7 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | |||||
| CVE-2012-0260 | 5 Canonical, Debian, Imagemagick and 2 more | 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. | |||||
| CVE-2012-0248 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2020-07-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | |||||
| CVE-2012-0247 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2020-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2020-07-31 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2020-07-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | |||||
| CVE-2018-6798 | 4 Canonical, Debian, Perl and 1 more | 5 Ubuntu Linux, Debian Linux, Perl and 2 more | 2020-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | |||||
| CVE-2016-0764 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2020-07-01 | 2.1 LOW | 6.2 MEDIUM |
| Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | |||||
| CVE-2018-7726 | 3 Canonical, Redhat, Zziplib Project | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-7725 | 3 Canonical, Redhat, Zziplib Project | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. | |||||
| CVE-2015-7703 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
| The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | |||||
| CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
| NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
| CVE-2015-7702 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7701 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2014-9750 | 4 Debian, Ntp, Oracle and 1 more | 6 Debian Linux, Ntp, Linux and 3 more | 2020-06-18 | 5.8 MEDIUM | N/A |
| ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. | |||||
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more | 2020-06-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||||