Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15086 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2023-02-12 | 5.8 MEDIUM | 7.4 HIGH |
| It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-15085 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2023-02-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-15096 | 1 Gluster | 1 Glusterfs | 2023-02-12 | 2.1 LOW | 3.3 LOW |
| A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. | |||||
| CVE-2017-12192 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. | |||||
| CVE-2016-9596 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. | |||||
| CVE-2016-9580 | 1 Uclouvain | 1 Openjpeg | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. | |||||
| CVE-2016-9579 | 2 Canonical, Redhat | 8 Ubuntu Linux, Ceph Storage, Ceph Storage Mon and 5 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. | |||||
| CVE-2016-9572 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2023-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. | |||||
| CVE-2016-9581 | 1 Uclouvain | 1 Openjpeg | 2023-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. | |||||
| CVE-2016-9573 | 3 Debian, Redhat, Uclouvain | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 5.8 MEDIUM | 8.1 HIGH |
| An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | |||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2023-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | |||||
| CVE-2017-12175 | 1 Redhat | 1 Satellite | 2023-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | |||||
| CVE-2017-12171 | 2 Apache, Redhat | 5 Http Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2023-02-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. | |||||
| CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2023-02-12 | 4.8 MEDIUM | 7.1 HIGH |
| An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
| CVE-2017-12174 | 2 Apache, Redhat | 4 Activemq Artemis, Enterprise Linux, Hornetq and 1 more | 2023-02-12 | 7.8 HIGH | 7.5 HIGH |
| It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | |||||
| CVE-2017-12190 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 6.5 MEDIUM |
| The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. | |||||
| CVE-2017-12188 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.9 MEDIUM | 7.8 HIGH |
| arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | |||||
| CVE-2017-12154 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 3.6 LOW | 7.1 HIGH |
| The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | |||||
| CVE-2017-12168 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.9 MEDIUM | 6.0 MEDIUM |
| The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | |||||
| CVE-2016-9773 | 1 Imagemagick | 1 Imagemagick | 2023-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. | |||||