Max CVSS 7.2 Min CVSS 2.1 Total Count31
IDCVSSSummaryLast (major) updatePublished
CVE-2018-16745 4.6
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-16744 4.6
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-16743 4.6
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-16742 4.6
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-16741 7.2
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by
13-09-2018 - 12:29 13-09-2018 - 12:29
CVE-2018-15864 2.1
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt ca
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15863 2.1
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask e
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15862 2.1
Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15861 2.1
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom f
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15859 2.1
Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, becaus
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15858 2.1
Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keym
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15857 4.6
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15856 2.1
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15855 2.1
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15854 2.1
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-15853 2.1
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
25-08-2018 - 17:29 25-08-2018 - 17:29
CVE-2018-10919 4.0
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Sa
22-08-2018 - 13:29 22-08-2018 - 13:29
CVE-2018-10918 4.0
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versi
22-08-2018 - 13:29 22-08-2018 - 13:29
CVE-2018-10858 6.5
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and
22-08-2018 - 13:29 22-08-2018 - 13:29
CVE-2018-1140 3.3
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All version
22-08-2018 - 10:29 22-08-2018 - 10:29
CVE-2018-1139 4.3
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between
22-08-2018 - 10:29 22-08-2018 - 10:29
CVE-2018-15471 6.8
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to req
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15470 4.9
An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the or
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15469 4.9
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in s
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-15468 4.9
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be care
17-08-2018 - 14:29 17-08-2018 - 14:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3620 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel an
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
12-06-2018 - 09:29 12-06-2018 - 09:29
CVE-2018-8715 6.8
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types.
14-03-2018 - 21:29 14-03-2018 - 21:29
CVE-2009-0689 6.8
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD
25-03-2014 - 23:51 01-07-2009 - 09:00
CVE-2008-6682 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) char
28-04-2009 - 01:37 09-04-2009 - 11:08
Back to Top Mark selected
Back to Top