Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2020-11-16 | 6.8 MEDIUM | 8.1 HIGH |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
| CVE-2017-14167 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-16 | 7.2 HIGH | 8.8 HIGH |
| Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | |||||
| CVE-2016-7161 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | |||||
| CVE-2017-11107 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2020-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. | |||||
| CVE-2006-2016 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2020-11-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. | |||||
| CVE-2004-0434 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2020-11-16 | 10.0 HIGH | N/A |
| k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. | |||||
| CVE-2016-6128 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2020-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. | |||||
| CVE-2014-3467 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2020-11-16 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. | |||||
| CVE-2014-3468 | 5 Debian, F5, Gnu and 2 more | 16 Debian Linux, Arx, Arx Firmware and 13 more | 2020-11-16 | 7.5 HIGH | N/A |
| The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. | |||||
| CVE-2014-3469 | 4 Debian, Gnu, Redhat and 1 more | 14 Debian Linux, Gnutls, Libtasn1 and 11 more | 2020-11-16 | 5.0 MEDIUM | N/A |
| The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. | |||||
| CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2020-11-13 | 5.0 MEDIUM | N/A |
| bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | |||||
| CVE-2019-3883 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, 389 Directory Server, Enterprise Linux | 2020-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. | |||||
| CVE-2017-13080 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2020-11-10 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2020-11-10 | 6.5 MEDIUM | 8.8 HIGH |
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. | |||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2020-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | |||||
| CVE-2019-16728 | 2 Cure53, Debian | 2 Dompurify, Debian Linux | 2020-11-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari. | |||||
| CVE-2019-19617 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | |||||
| CVE-2018-5802 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2020-11-10 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2017-9310 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 1.9 LOW | 5.6 MEDIUM |
| QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | |||||
| CVE-2016-10155 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 4.9 MEDIUM | 6.0 MEDIUM |
| Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |||||