Total
1884 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0236 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2023-02-12 | 3.5 LOW | N/A |
| libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | |||||
| CVE-2015-3276 | 2 Openldap, Redhat | 5 Openldap, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2023-02-12 | 5.0 MEDIUM | N/A |
| The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2015-3147 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 4.9 MEDIUM | 6.5 MEDIUM |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | |||||
| CVE-2015-5157 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2023-02-12 | 7.2 HIGH | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | |||||
| CVE-2018-14624 | 3 Debian, Fedoraproject, Redhat | 8 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 5 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. | |||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2023-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | |||||
| CVE-2018-19058 | 4 Canonical, Debian, Freedesktop and 1 more | 6 Ubuntu Linux, Debian Linux, Poppler and 3 more | 2023-02-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | |||||
| CVE-2019-13759 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13757 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-13756 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2019-13755 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
| CVE-2019-13753 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13752 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13751 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2014-0160 | 11 Canonical, Debian, Fedoraproject and 8 more | 33 Ubuntu Linux, Debian Linux, Fedora and 30 more | 2023-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | |||||
| CVE-2022-4254 | 2 Fedoraproject, Redhat | 13 Sssd, Enterprise Linux, Enterprise Linux Desktop and 10 more | 2023-02-09 | N/A | 8.8 HIGH |
| sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | |||||
| CVE-2018-1311 | 4 Apache, Debian, Oracle and 1 more | 9 Xerces-c\+\+, Debian Linux, Goldengate and 6 more | 2023-02-05 | 6.8 MEDIUM | 8.1 HIGH |
| The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. | |||||
| CVE-2019-13749 | 5 Apple, Debian, Fedoraproject and 2 more | 8 Iphone Os, Debian Linux, Fedora and 5 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-13754 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2023-02-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2019-13750 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-02-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||||