Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26215 | 2 Debian, Jupyter | 2 Debian Linux, Notebook | 2020-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5. | |||||
| CVE-2018-1083 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2020-11-30 | 7.2 HIGH | 7.8 HIGH |
| Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. | |||||
| CVE-2018-19787 | 3 Canonical, Debian, Lxml | 3 Ubuntu Linux, Debian Linux, Lxml | 2020-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | |||||
| CVE-2020-25074 | 2 Debian, Moinmo | 2 Debian Linux, Moinmoin | 2020-11-24 | 7.5 HIGH | 9.8 CRITICAL |
| The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. | |||||
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more | 2020-11-23 | 5.0 MEDIUM | N/A |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | |||||
| CVE-2016-10742 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2020-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | |||||
| CVE-2017-5847 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | |||||
| CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||
| CVE-2020-8166 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2020-11-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token. | |||||
| CVE-2014-9496 | 5 Canonical, Debian, Libsndfile Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libsndfile and 2 more | 2020-11-20 | 2.1 LOW | N/A |
| The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. | |||||
| CVE-2007-6427 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Ubuntu Linux, Debian Linux and 8 more | 2020-11-20 | 9.3 HIGH | N/A |
| The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | |||||
| CVE-2009-0385 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-11-20 | 9.3 HIGH | N/A |
| Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. | |||||
| CVE-2016-4610 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Icloud, Iphone Os, Itunes and 7 more | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. | |||||
| CVE-2018-5800 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2020-11-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | |||||
| CVE-2018-12617 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-11-19 | 5.0 MEDIUM | 7.5 HIGH |
| qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. | |||||
| CVE-2018-1128 | 3 Debian, Opensuse, Redhat | 10 Debian Linux, Leap, Ceph and 7 more | 2020-11-17 | 5.4 MEDIUM | 7.5 HIGH |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | |||||
| CVE-2013-4365 | 4 Apache, Debian, Opensuse and 1 more | 6 Http Server, Mod Fcgid, Debian Linux and 3 more | 2020-11-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2011-1176 | 3 Apache, Debian, Mpm-itk Project | 3 Http Server, Debian Linux, Mpm-itk | 2020-11-16 | 4.3 MEDIUM | N/A |
| The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. | |||||
| CVE-2011-2688 | 3 Apache, Debian, Mod Authnz External Project | 3 Http Server, Debian Linux, Mod Authnz External | 2020-11-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field. | |||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2020-11-16 | 6.8 MEDIUM | 9.8 CRITICAL |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | |||||