Total
3980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16646 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2020-07-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | |||||
| CVE-2019-9200 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2020-07-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | |||||
| CVE-2015-8607 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Pathtools | 2020-07-14 | 7.5 HIGH | 7.3 HIGH |
| The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. | |||||
| CVE-2018-18314 | 5 Canonical, Debian, Netapp and 2 more | 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-18313 | 6 Apple, Canonical, Debian and 3 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2020-07-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | |||||
| CVE-2018-18312 | 5 Canonical, Debian, Netapp and 2 more | 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-6798 | 4 Canonical, Debian, Perl and 1 more | 5 Ubuntu Linux, Debian Linux, Perl and 2 more | 2020-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | |||||
| CVE-2014-9087 | 5 Canonical, Debian, Gnupg and 2 more | 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more | 2020-07-14 | 7.5 HIGH | N/A |
| Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | |||||
| CVE-2018-8881 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2020-07-13 | 6.8 MEDIUM | 7.3 HIGH |
| Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. | |||||
| CVE-2020-5967 | 2 Canonical, Nvidia | 9 Ubuntu Linux, Geforce, Geforce Firmware and 6 more | 2020-07-13 | 1.9 LOW | 4.7 MEDIUM |
| NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service. | |||||
| CVE-2019-18679 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. | |||||
| CVE-2019-18678 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. | |||||
| CVE-2019-18677 | 3 Canonical, Fedoraproject, Squid-cache | 3 Ubuntu Linux, Fedora, Squid | 2020-07-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. | |||||
| CVE-2016-4761 | 2 Canonical, Webkitgtk | 2 Ubuntu Linux, Webkitgtk\+ | 2020-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS | |||||
| CVE-2020-8130 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2020-06-30 | 6.9 MEDIUM | 6.4 MEDIUM |
| There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | |||||
| CVE-2019-12881 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0. | |||||
| CVE-2018-7725 | 3 Canonical, Redhat, Zziplib Project | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. | |||||
| CVE-2018-7726 | 3 Canonical, Redhat, Zziplib Project | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||
| CVE-2018-6869 | 3 Canonical, Debian, Zziplib Project | 3 Ubuntu Linux, Debian Linux, Zziplib | 2020-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | |||||