Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19216 | 2 Debian, Nasm | 2 Debian Linux, Netwide Assembler | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. | |||||
| CVE-2018-19210 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. | |||||
| CVE-2018-19206 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | |||||
| CVE-2018-19200 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | |||||
| CVE-2018-19199 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. | |||||
| CVE-2018-19198 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | |||||
| CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | |||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | |||||
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
| CVE-2018-19134 | 3 Artifex, Debian, Redhat | 7 Ghostscript, Debian Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. | |||||
| CVE-2018-19132 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | |||||
| CVE-2018-19115 | 3 Debian, Keepalived, Redhat | 7 Debian Linux, Keepalived, Enterprise Linux Server and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | |||||
| CVE-2018-19108 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | |||||
| CVE-2018-19107 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | |||||
| CVE-2018-19058 | 4 Canonical, Debian, Freedesktop and 1 more | 6 Ubuntu Linux, Debian Linux, Poppler and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2018-19052 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Backports Sle and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | |||||
| CVE-2018-1999010 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in cced03dd667a5df6df8fd40d8de0bff477ee02e8 and later. | |||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | |||||
| CVE-2018-18897 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | |||||
| CVE-2018-18873 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||||