| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). |
| The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). |
| The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). |
| The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. |
| The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. |
| The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). |
| The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). |
| Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. |
| Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. |
| The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. |
| AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. |
| tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. |
| tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. |
| The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts). |
| A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. |
| inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |