Total
1918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5331 | 4 Canonical, Debian, Icoutils Project and 1 more | 5 Ubuntu Linux, Debian Linux, Icoutils and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2017-18922 | 5 Canonical, Fedoraproject, Libvncserver Project and 2 more | 16 Ubuntu Linux, Fedora, Libvncserver and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. | |||||
| CVE-2017-18595 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | |||||
| CVE-2017-18551 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | |||||
| CVE-2017-18215 | 2 Opensuse, Xv Project | 2 Leap, Xv | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. | |||||
| CVE-2017-18078 | 3 Debian, Opensuse, Systemd Project | 3 Debian Linux, Leap, Systemd | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | |||||
| CVE-2017-16232 | 3 Libtiff, Opensuse, Suse | 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | |||||
| CVE-2017-14804 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 9.9 CRITICAL |
| The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | |||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | |||||
| CVE-2016-5314 | 4 Debian, Libtiff, Opensuse and 1 more | 5 Debian Linux, Libtiff, Leap and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. | |||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | |||||
| CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | |||||
| CVE-2016-10739 | 2 Gnu, Opensuse | 2 Glibc, Leap | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | |||||
| CVE-2016-1000104 | 2 Apache, Opensuse | 3 Mod Fcgid, Leap, Opensuse | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | |||||
| CVE-2016-1000002 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Gnome Display Manager, Leap and 1 more | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| gdm3 3.14.2 and possibly later has an information leak before screen lock | |||||
| CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | |||||
| CVE-2015-7542 | 3 Aquamaniac, Debian, Opensuse | 3 Gwenhywfar, Debian Linux, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | |||||
| CVE-2015-1290 | 3 Google, Opensuse, Qt | 3 Chrome, Leap, Qt | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | |||||