| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-13785 |
4 Libpng, Canonical, Oracle and 1 more |
8 Libgpng, Ubuntu Linux, Libpng and 5 more |
2019-08-15 |
4.3 |
| In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. |
| CVE-2019-10182 |
2 Icedtea-web Project, Redhat |
6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more |
2019-08-15 |
5.8 |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to... |
| CVE-2017-9788 |
6 Apache, Netapp, Oracle and 3 more |
16 Httpd, Http Server, Oncommand Unified Manager and 13 more |
2019-08-15 |
6.4 |
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an... |
| CVE-2016-5388 |
4 Hp, Apache, Oracle and 1 more |
11 Tomcat, Linux, Enterprise Linux Desktop and 8 more |
2019-08-13 |
5.1 |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment... |
| CVE-2019-10168 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-08-12 |
4.6 |
| The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt... |
| CVE-2019-10167 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-08-12 |
4.6 |
| The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to... |
| CVE-2019-10166 |
1 Redhat |
9 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 6 more |
2019-08-12 |
4.6 |
| It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had... |
| CVE-2019-10153 |
2 Clusterlabs, Redhat |
4 Fence-agents, Enterprise Linux, Enterprise Linux Server and 1 more |
2019-08-12 |
4.0 |
| A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing... |
| CVE-2018-7225 |
4 Libvncserver Project, Canonical, Debian and 1 more |
9 Libvncserver, Ubuntu Linux, Debian Linux and 6 more |
2019-08-09 |
7.5 |
| An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g.,... |
| CVE-2018-8088 |
3 Redhat, Slf4j, Oracle |
7 Jboss Enterprise Application Platform, Slf4j, Enterprise Linux Desktop and 4 more |
2019-08-08 |
7.5 |
| org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. |
| CVE-2018-16865 |
5 Freedesktop, Canonical, Debian and 2 more |
13 Systemd, Ubuntu Linux, Debian Linux and 10 more |
2019-08-07 |
4.6 |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if... |
| CVE-2018-16864 |
5 Freedesktop, Canonical, Debian and 2 more |
12 Systemd, Ubuntu Linux, Debian Linux and 9 more |
2019-08-07 |
4.6 |
| An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to... |
| CVE-2018-11781 |
4 Apache, Canonical, Debian and 1 more |
7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more |
2019-08-06 |
4.6 |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. |
| CVE-2018-15473 |
5 Openbsd, Debian, Netapp and 2 more |
16 Openssh, Debian Linux, Aff Baseboard Management Controller and 13 more |
2019-08-06 |
5.0 |
| OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and... |
| CVE-2018-16871 |
2 Redhat, Linux |
9 Developer Tools, Linux Kernel, Enterprise Linux and 6 more |
2019-08-06 |
5.0 |
| A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS... |
| CVE-2018-13033 |
2 Gnu, Redhat |
5 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 2 more |
2019-08-03 |
4.3 |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by... |
| CVE-2018-10535 |
2 Gnu, Redhat |
4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-08-03 |
4.3 |
| The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a... |
| CVE-2018-10534 |
2 Gnu, Redhat |
4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-08-03 |
4.3 |
| The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the... |
| CVE-2018-10373 |
2 Gnu, Redhat |
4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-08-03 |
4.3 |
| concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary... |
| CVE-2018-10372 |
2 Gnu, Redhat |
4 Binutils, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-08-03 |
4.3 |
| process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. |
