Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6574 | 3 Debian, Golang, Redhat | 6 Debian Linux, Go, Enterprise Linux Server and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | |||||
| CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | |||||
| CVE-2018-6554 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | |||||
| CVE-2018-6553 | 3 Canonical, Cups, Debian | 3 Ubuntu Linux, Cups, Debian Linux | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. | |||||
| CVE-2018-6544 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | |||||
| CVE-2018-6521 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2018-6392 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | |||||
| CVE-2018-6360 | 2 Debian, Mpv | 2 Debian Linux, Mpv | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | |||||
| CVE-2018-6359 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | |||||
| CVE-2018-6358 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | |||||
| CVE-2018-6315 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | |||||
| CVE-2018-6307 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | |||||
| CVE-2018-6192 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | |||||
| CVE-2018-6187 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | |||||
| CVE-2018-6179 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. | |||||
| CVE-2018-6178 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. | |||||
| CVE-2018-6175 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6174 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2018-6173 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||