Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30674 | 4 Adobe, Apple, Fedoraproject and 1 more | 4 Indesign, Macos, Fedora and 1 more | 2023-01-27 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-40617 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-01-27 | N/A | 7.5 HIGH |
| strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. | |||||
| CVE-2017-9109 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct. | |||||
| CVE-2017-9103 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records. | |||||
| CVE-2017-9104 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | |||||
| CVE-2017-9108 | 3 Fedoraproject, Gnu, Opensuse | 3 Fedora, Adns, Leap | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte. | |||||
| CVE-2017-9105 | 2 Fedoraproject, Gnu | 2 Fedora, Adns | 2023-01-27 | 7.5 HIGH | 8.8 HIGH |
| An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution. | |||||
| CVE-2020-14148 | 3 Barton, Debian, Fedoraproject | 3 Ngircd, Debian Linux, Fedora | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | |||||
| CVE-2020-13999 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2023-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | |||||
| CVE-2018-6703 | 1 Mcafee | 1 Agent | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | |||||
| CVE-2018-6689 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2023-01-27 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | |||||
| CVE-2018-6700 | 1 Mcafee | 1 True Key | 2023-01-27 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2020-4046 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2023-01-27 | 3.5 LOW | 5.4 MEDIUM |
| In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
| CVE-2018-6690 | 2 Mcafee, Microsoft | 2 Application Change Control, Windows | 2023-01-27 | 3.6 LOW | 7.1 HIGH |
| Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | |||||
| CVE-2020-10702 | 1 Qemu | 1 Qemu | 2023-01-27 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. | |||||
| CVE-2020-7115 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher. | |||||
| CVE-2020-13775 | 2 Fedoraproject, Znc | 2 Fedora, Znc | 2023-01-27 | 3.5 LOW | 6.5 MEDIUM |
| ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | |||||
| CVE-2020-11019 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | |||||
| CVE-2020-11018 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | |||||
| CVE-2020-11017 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2023-01-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | |||||