Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8244 | 2 Bufferlist Project, Debian | 2 Bufferlist, Debian Linux | 2022-05-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | |||||
| CVE-2020-8165 | 3 Debian, Opensuse, Rubyonrails | 3 Debian Linux, Leap, Rails | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | |||||
| CVE-2020-8164 | 3 Debian, Opensuse, Rubyonrails | 4 Debian Linux, Backports Sle, Leap and 1 more | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. | |||||
| CVE-2020-8162 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | |||||
| CVE-2020-8163 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2022-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | |||||
| CVE-2020-7106 | 5 Cacti, Debian, Fedoraproject and 2 more | 8 Cacti, Debian Linux, Extra Packages For Enterprise Linux and 5 more | 2022-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). | |||||
| CVE-2020-13230 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2022-05-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | |||||
| CVE-2021-23225 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. | |||||
| CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | |||||
| CVE-2019-11025 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. | |||||
| CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2022-05-24 | 3.5 LOW | 5.4 MEDIUM |
| Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | |||||
| CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | |||||
| CVE-2021-27803 | 3 Debian, Fedoraproject, W1.fi | 3 Debian Linux, Fedora, Wpa Supplicant | 2022-05-23 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | |||||
| CVE-2021-26910 | 2 Debian, Firejail Project | 2 Debian Linux, Firejail | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | |||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2022-05-23 | 5.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | |||||
| CVE-2021-27363 | 3 Debian, Linux, Netapp | 4 Debian Linux, Linux Kernel, Cloud Backup and 1 more | 2022-05-23 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | |||||
| CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 33 Ubuntu Linux, Debian Linux, Xp7 Command View and 30 more | 2022-05-23 | 2.6 LOW | 5.3 MEDIUM |
| png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |||||
| CVE-2021-28831 | 3 Busybox, Debian, Fedoraproject | 3 Busybox, Debian Linux, Fedora | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | |||||
| CVE-2022-28463 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2022-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | |||||
| CVE-2022-27114 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. | |||||