Total
8822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0458 | 2 Debian, Nicolas Boullis | 2 Debian Linux, Mah-jong | 2024-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | |||||
| CVE-2022-24439 | 3 Debian, Fedoraproject, Gitpython Project | 3 Debian Linux, Fedora, Gitpython | 2024-01-09 | N/A | 9.8 CRITICAL |
| All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | |||||
| CVE-2023-41915 | 3 Debian, Fedoraproject, Openpmix | 3 Debian Linux, Fedora, Openpmix | 2024-01-09 | N/A | 8.1 HIGH |
| OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | |||||
| CVE-2023-38403 | 6 Apple, Debian, Es and 3 more | 7 Macos, Debian Linux, Iperf3 and 4 more | 2024-01-09 | N/A | 7.5 HIGH |
| iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | |||||
| CVE-2023-4863 | 6 Debian, Fedoraproject, Google and 3 more | 8 Debian Linux, Fedora, Chrome and 5 more | 2024-01-07 | N/A | 8.8 HIGH |
| Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2022-44730 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2024-01-07 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | |||||
| CVE-2022-44729 | 2 Apache, Debian | 2 Xml Graphics Batik, Debian Linux | 2024-01-07 | N/A | 7.1 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | |||||
| CVE-2022-42890 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16. | |||||
| CVE-2022-41704 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16. | |||||
| CVE-2022-40146 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 7.5 HIGH |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-38648 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2022-38398 | 2 Apache, Debian | 2 Batik, Debian Linux | 2024-01-07 | N/A | 5.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | |||||
| CVE-2018-8013 | 4 Apache, Canonical, Debian and 1 more | 21 Batik, Ubuntu Linux, Debian Linux and 18 more | 2024-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. | |||||
| CVE-2023-24805 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Cups-filters | 2024-01-05 | N/A | 8.8 HIGH |
| cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. | |||||
| CVE-2021-31799 | 3 Debian, Oracle, Ruby-lang | 4 Debian Linux, Jd Edwards Enterpriseone Tools, Rdoc and 1 more | 2024-01-05 | 4.4 MEDIUM | 7.0 HIGH |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | |||||
| CVE-2023-45866 | 6 Apple, Bluproducts, Canonical and 3 more | 16 Ipad Os, Iphone Os, Iphone Se and 13 more | 2024-01-05 | N/A | 6.3 MEDIUM |
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | |||||
| CVE-2021-22940 | 5 Debian, Netapp, Nodejs and 2 more | 7 Debian Linux, Nextgen Api, Node.js and 4 more | 2024-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||
| CVE-2021-22939 | 5 Debian, Netapp, Nodejs and 2 more | 8 Debian Linux, Nextgen Api, Node.js and 5 more | 2024-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | |||||
| CVE-2021-22930 | 4 Debian, Netapp, Nodejs and 1 more | 4 Debian Linux, Nextgen Api, Node.js and 1 more | 2024-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||
| CVE-2012-5639 | 3 Apache, Debian, Libreoffice | 3 Openoffice, Debian Linux, Libreoffice | 2024-01-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibreOffice and OpenOffice automatically open embedded content | |||||