Total
9133 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16471 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. | |||||
| CVE-2018-16468 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
| CVE-2018-16451 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |||||
| CVE-2018-16435 | 4 Canonical, Debian, Littlecms and 1 more | 6 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | |||||
| CVE-2018-16430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | |||||
| CVE-2018-16402 | 5 Canonical, Debian, Elfutils Project and 2 more | 7 Ubuntu Linux, Debian Linux, Elfutils and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice. | |||||
| CVE-2018-16396 | 4 Canonical, Debian, Redhat and 1 more | 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. | |||||
| CVE-2018-16395 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | |||||
| CVE-2018-16336 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | |||||
| CVE-2018-16335 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | |||||
| CVE-2018-16276 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | |||||
| CVE-2018-16230 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |||||
| CVE-2018-16229 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). | |||||
| CVE-2018-16228 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix(). | |||||
| CVE-2018-16227 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. | |||||
| CVE-2018-16152 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | |||||
| CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
| CVE-2018-16068 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-16067 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-16066 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||