Total
9134 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | |||||
| CVE-2018-19432 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | |||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |||||
| CVE-2018-19364 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | |||||
| CVE-2018-19362 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | |||||
| CVE-2018-19361 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | |||||
| CVE-2018-19360 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||||
| CVE-2018-19296 | 4 Debian, Fedoraproject, Phpmailer Project and 1 more | 4 Debian Linux, Fedora, Phpmailer and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | |||||
| CVE-2018-19274 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. | |||||
| CVE-2018-19216 | 2 Debian, Nasm | 2 Debian Linux, Netwide Assembler | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. | |||||
| CVE-2018-19210 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. | |||||
| CVE-2018-19206 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | |||||
| CVE-2018-19200 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | |||||
| CVE-2018-19199 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication. | |||||
| CVE-2018-19198 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | |||||
| CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | |||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | |||||
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
| CVE-2018-19134 | 3 Artifex, Debian, Redhat | 7 Ghostscript, Debian Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. | |||||
| CVE-2018-19132 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | |||||