#Vulnerabilities 2262
Date ID Summary Products Score Patch Annotated
2018-01-11 CVE-2018-5333 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. Ubuntu_linux, Debian_linux, Linux_kernel 5.5
2018-08-30 CVE-2018-16140 A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. Ubuntu_linux, Fig2dev 7.8
2018-09-18 CVE-2018-1000802 Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit... Ubuntu_linux, Debian_linux 9.8
2019-12-23 CVE-2019-11050 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Ubuntu_linux, Debian_linux, Fedora, Php N/A
2019-05-30 CVE-2019-8457 SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. Ubuntu_linux, Fedora, Leap, Sqlite N/A
2019-09-09 CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." Ubuntu_linux, Fedora, Ontap_select_deploy_administration_utility, Leap, Sqlite N/A
2019-09-13 CVE-2019-15030 In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check. Ubuntu_linux, Linux_kernel, Leap, Enterprise_linux N/A
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Ubuntu_linux, Debian_linux, Fedora, Python, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5
2020-01-02 CVE-2013-4532 Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. Ubuntu_linux, Debian_linux, Qemu N/A
2019-12-31 CVE-2013-4357 The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Ubuntu_linux, Debian_linux, Eglibc, Fedora, Suse_linux_enterprise_server N/A