|
2020-03-12
|
CVE-2020-10531
|
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
|
Chrome, International_components_for_unicode, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation
|
8.8
|
|
|
|
2017-04-17
|
CVE-2017-5645
|
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
Log4j, Oncommand_api_services, Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Snapcenter, Storage_automation_store, Api_gateway, Autovue_vuelink_integration, Banking_platform, Bi_publisher, Communications_converged_application_server_\-_service_controller, Communications_messaging_server, Communications_online_mediation_controller, Communications_pricing_design_center, Communications_service_broker, Communications_webrtc_session_controller, Configuration_manager, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_for_fusion_middleware, Enterprise_manager_for_mysql_database, Enterprise_manager_for_oracle_database, Enterprise_manager_for_peoplesoft, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_profitability_management, Flexcube_investor_servicing, Fusion_middleware_mapviewer, Goldengate_application_adapters, Identity_analytics, Identity_management_suite, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Jd_edwards_enterpriseone_tools, Jdeveloper, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_clearance_optimization_engine, Retail_extract_transform_and_load, Retail_integration_bus, Retail_open_commerce_platform, Retail_predictive_application_server, Siebel_ui_framework, Soa_suite, Tape_library_acsls, Utilities_work_and_asset_management, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
9.8
|
|
|
|
2015-12-06
|
CVE-2015-3195
|
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
|
Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Opensuse, Api_gateway, Communications_webrtc_session_controller, Exalogic_infrastructure, Http_server, Integrated_lights_out_manager_firmware, Life_sciences_data_hub, Linux, Solaris, Sun_ray_software, Transportation_management, Vm_server, Vm_virtualbox, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_server
|
5.3
|
|
|
|
2013-04-03
|
CVE-2013-0800
|
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
|
Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Pixman, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit
|
N/A
|
|
|
|
2018-05-16
|
CVE-2018-11212
|
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
|
Ubuntu_linux, Debian_linux, Libjpeg, Oncommand_unified_manager, Oncommand_workflow_automation, Snapmanager, Leap, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite
|
6.5
|
|
|
|
2010-11-05
|
CVE-2010-3702
|
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
|
Cups, Ubuntu_linux, Debian_linux, Fedora, Poppler, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server, Xpdf
|
N/A
|
|
|
|
2018-03-20
|
CVE-2018-8088
|
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
|
Utilities_framework, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_application_platform, Slf4j\-Ext
|
9.8
|
|
|
|
2008-08-08
|
CVE-2008-1945
|
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
|
Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server
|
N/A
|
|
|
|
2013-12-27
|
CVE-2011-2519
|
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
|
Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Xen
|
N/A
|
|
|
|
2018-04-24
|
CVE-2017-2885
|
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
|
Debian_linux, Libsoup, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation
|
9.8
|
|
|