CVEs (1,891)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Redhat 6Ceph Storage Ceph Storage MonCeph Storage Osd+3 moreNov 21, 2024 Aug 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of se...Show more |
3Debian Jasper ProjectRedhat7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Aug 1, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. |
2Mozilla Redhat7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 moreNov 21, 2024 Aug 1, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to s...Show more |
3Debian RedhatUclouvain7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Aug 1, 2018 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose som...Show more |
1Redhat 4Ceph Enterprise Linux DesktopEnterprise Linux Server+1 moreNov 21, 2024 Jul 31, 2018 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST...Show more |
4Canonical DebianLinux+1 more7Debian Linux Enterprise LinuxEnterprise Linux Desktop+4 moreNov 21, 2024 Jul 30, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4...Show more |
4Canonical DebianLinux+1 more9Debian Linux Enterprise LinuxEnterprise Linux Desktop+6 moreNov 21, 2024 Jul 30, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised...Show more |
5Cabextract Cabextract ProjectCanonical+2 more8Ansible Tower CabextractDebian Linux+5 moreNov 21, 2024 Jul 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. |
5Cabextract Cabextract ProjectCanonical+2 more8Ansible Tower CabextractDebian Linux+5 moreNov 21, 2024 Jul 28, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. |
5Cabextract Cabextract ProjectCanonical+2 more8Ansible Tower CabextractDebian Linux+5 moreNov 21, 2024 Jul 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. |
5Cabextract Cabextract ProjectCanonical+2 more8Ansible Tower CabextractDebian Linux+5 moreNov 21, 2024 Jul 28, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference...Show more |
4Citrix DebianQemu+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 21, 2024 Jul 27, 2018 N/A· v4 9.9 CRITICAL· v3 9.0 HIGH· v2 A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is perf...Show more |
3Debian RedhatSpice Project7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Jul 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. |
2Liblouis Redhat6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+3 moreNov 21, 2024 Jul 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. |
1Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+2 moreNov 21, 2024 Jul 27, 2018 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. |
3Debian RedhatSpice Project7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Jul 27, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible c...Show more |
2Linux Redhat5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+2 moreNov 21, 2024 Jul 27, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could r...Show more |
2Qemu Redhat6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+3 moreNov 21, 2024 Jul 27, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A u...Show more |
2Freedesktop Redhat6Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+3 moreNov 21, 2024 Jul 27, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. |
5Citrix DebianQemu+2 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Jul 27, 2018 N/A· v4 9.9 CRITICAL· v3 9.0 HIGH· v2 Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged...Show more |