| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-1049 |
4 Freedesktop, Redhat, Canonical and 1 more |
11 Systemd, Enterprise Linux, Enterprise Linux Desktop and 8 more |
2019-10-09 |
4.3 |
| In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount... |
| CVE-2018-15688 |
4 Freedesktop, Canonical, Debian and 1 more |
9 Systemd, Ubuntu Linux, Debian Linux and 6 more |
2019-10-09 |
7.5 |
| A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. |
| CVE-2018-15687 |
2 Freedesktop, Canonical |
2 Systemd, Ubuntu Linux |
2019-10-09 |
1.9 |
| A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239. |
| CVE-2017-7515 |
1 Freedesktop |
1 Poppler |
2019-10-09 |
4.3 |
| poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. |
| CVE-2017-9406 |
2 Freedesktop, Debian |
2 Poppler, Debian Linux |
2019-10-03 |
4.3 |
| In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2017-14929 |
1 Freedesktop |
1 Poppler |
2019-10-03 |
5.0 |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a... |
| CVE-2017-18078 |
3 Freedesktop, Debian, Opensuse |
3 Systemd, Debian Linux, Leap |
2019-10-03 |
4.6 |
| systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors... |
| CVE-2017-9408 |
2 Freedesktop, Debian |
2 Poppler, Debian Linux |
2019-10-03 |
4.3 |
| In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2017-9865 |
2 Freedesktop, Debian |
2 Poppler, Debian Linux |
2019-10-03 |
4.3 |
| The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation... |
| CVE-2017-14519 |
1 Freedesktop |
1 Poppler |
2019-10-03 |
5.0 |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). |
| CVE-2018-18897 |
1 Freedesktop |
1 Poppler |
2019-10-03 |
4.3 |
| An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
| CVE-2018-16888 |
3 Freedesktop, Netapp, Redhat |
4 Systemd, Active Iq Performance Analytics Services, Element Software and 1 more |
2019-10-03 |
1.9 |
| It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to... |
| CVE-2017-18267 |
4 Freedesktop, Canonical, Redhat and 1 more |
7 Poppler, Ubuntu Linux, Ansible Tower and 4 more |
2019-10-03 |
4.3 |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. |
| CVE-2018-16646 |
3 Freedesktop, Canonical, Debian |
3 Poppler, Ubuntu Linux, Debian Linux |
2019-10-03 |
4.3 |
| In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. |
| CVE-2018-6954 |
2 Freedesktop, Canonical |
2 Systemd, Ubuntu Linux |
2019-10-03 |
7.2 |
| systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory,... |
| CVE-2017-15908 |
1 Freedesktop |
1 Systemd |
2019-10-03 |
5.0 |
| In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. |
| CVE-2018-21009 |
1 Freedesktop |
1 Poppler |
2019-09-26 |
6.8 |
| Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. |
| CVE-2019-15718 |
2 Freedesktop, Fedoraproject |
2 Systemd, Fedora |
2019-09-19 |
2.1 |
| In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An... |
| CVE-2018-20551 |
2 Freedesktop, Canonical |
2 Poppler, Ubuntu Linux |
2019-09-11 |
4.3 |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. |
| CVE-2019-9959 |
1 Freedesktop |
1 Poppler |
2019-08-13 |
4.3 |
| The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an... |
