Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2908 | 2 Blender, Debian | 2 Blender, Debian Linux | 2022-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. | |||||
| CVE-2017-2918 | 2 Blender, Debian | 2 Blender, Debian Linux | 2022-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
| CVE-2017-2924 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2022-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-2919 | 2 Debian, Libxls Project | 2 Debian Linux, Libxls | 2022-06-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability | |||||
| CVE-2017-2923 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2022-06-13 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2018-20546 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-06-13 | 5.8 MEDIUM | 8.1 HIGH |
| There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | |||||
| CVE-2019-13057 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2022-06-13 | 3.5 LOW | 4.9 MEDIUM |
| An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) | |||||
| CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | |||||
| CVE-2022-26491 | 2 Debian, Pidgin | 2 Debian Linux, Pidgin | 2022-06-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | |||||
| CVE-2017-2888 | 3 Canonical, Debian, Libsdl | 3 Ubuntu Linux, Debian Linux, Simple Directmedia Layer | 2022-06-07 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | |||||
| CVE-2017-2870 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | |||||
| CVE-2017-2862 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2022-06-07 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | |||||
| CVE-2017-2887 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2022-06-07 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | |||||
| CVE-2017-2885 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Libsoup, Enterprise Linux Desktop and 5 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | |||||
| CVE-2017-2835 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-07 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2834 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-07 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | |||||
| CVE-2018-4013 | 2 Debian, Live555 | 2 Debian Linux, Live555 Media Server | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | |||||
| CVE-2018-4056 | 2 Coturn Project, Debian | 2 Coturn, Debian Linux | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability. | |||||
| CVE-2020-6061 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. | |||||
| CVE-2020-6062 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | |||||