Total
9187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11529 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2019-03-21 | 6.8 MEDIUM | 8.0 HIGH |
| VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions. | |||||
| CVE-2015-2157 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2019-03-21 | 2.1 LOW | N/A |
| The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | |||||
| CVE-2018-17100 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2019-03-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | |||||
| CVE-2018-17101 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2019-03-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | |||||
| CVE-2018-1000801 | 2 Debian, Kde | 2 Debian Linux, Okular | 2019-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | |||||
| CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-20 | 2.1 LOW | 5.5 MEDIUM |
| The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | |||||
| CVE-2018-1000098 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2019-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. | |||||
| CVE-2018-10124 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-20 | 2.1 LOW | 5.5 MEDIUM |
| The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | |||||
| CVE-2018-1000085 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2019-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. | |||||
| CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-9994 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2019-03-20 | 6.8 MEDIUM | 7.8 HIGH |
| libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | |||||
| CVE-2017-14136 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2019-03-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. | |||||
| CVE-2017-5208 | 3 Debian, Icoutils Project, Redhat | 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more | 2019-03-20 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | |||||
| CVE-2017-5610 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms. | |||||
| CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | |||||
| CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||||
| CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||
| CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-19 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||||
| CVE-2017-5194 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | |||||
| CVE-2017-5193 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. | |||||