Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | |||||
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||||
| CVE-2017-15571 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | |||||
| CVE-2017-15573 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | |||||
| CVE-2017-15574 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | |||||
| CVE-2017-6307 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. | |||||
| CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | |||||
| CVE-2017-6473 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | |||||
| CVE-2017-6308 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. | |||||
| CVE-2017-6309 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. | |||||
| CVE-2017-16654 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal. | |||||
| CVE-2017-6310 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2019-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. | |||||
| CVE-2018-11408 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. | |||||
| CVE-2017-2826 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2019-03-13 | 4.3 MEDIUM | 3.7 LOW |
| An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. | |||||
| CVE-2017-6471 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. | |||||
| CVE-2017-6469 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | |||||
| CVE-2017-16652 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks. | |||||
| CVE-2018-5184 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Thunderbird and 8 more | 2019-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |||||
| CVE-2017-6498 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | |||||
| CVE-2017-6500 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||||