• git://
#Vulnerabilities 2771
Date ID Summary Products Score Patch
2020-06-24 CVE-2020-15011 GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/ private archive login page. Ubuntu_linux, Debian_linux, Mailman 4.3
2015-07-20 CVE-2015-3185 The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Http_server, Mac_os_x, Mac_os_x_server, Xcode, Ubuntu_linux N/A
2015-03-08 CVE-2015-0228 The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Http_server, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Opensuse N/A
2018-03-06 CVE-2018-7731 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FormatSupport/WEBP_Support.cpp does not check whether a bitstream has a NULL value, leading to a NULL pointer dereference in the WEBP::VP8XChunk class. Ubuntu_linux, Exempi 5.5
2018-03-06 CVE-2018-7730 An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. Ubuntu_linux, Debian_linux, Exempi 5.5
2018-03-06 CVE-2018-7729 An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp. Ubuntu_linux, Exempi 5.5
2018-03-06 CVE-2018-7728 An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. Ubuntu_linux, Debian_linux, Exempi 5.5
2020-05-14 CVE-2020-1945 Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. Ant, Ubuntu_linux, Fedora 6.3
2019-02-11 CVE-2019-5736 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling,... Mesos, Ubuntu_linux, Docker, Fedora, Kubernetes_engine, Onesphere, Lxc, Runc, Dc\/os, Kubernetes_engine, Service_management_automation, Hci_management_node, Solidfire, Backports_sle, Leap, Container_development_kit, Enterprise_linux, Enterprise_linux_server, Openshift 8.6
2019-10-29 CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. Ubuntu_linux, Debian_linux, Libvncserver, Leap 7.5