Report Name: Linux Patch Wednesday May 2024
Generated: 2024-06-16 00:43:13

Product Name	Prevalence	U	C	H	M	L	A	Comment
Kerberos	1			24	31	2	57	Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
AMD Processor	0.9				2	2	4	Processor
Active Directory	0.9				1		1	Active Directory is a directory service developed by Microsoft for Windows domain networks
Apache HTTP Server	0.9	2		13	14	5	34	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
GNU Bash	0.9				2		2	Bash is the shell, or command language interpreter, for the GNU operating system
GitLab	0.9				4		4	GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
HTTP/2	0.9		1	1	4		6	HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Intel(R) Processor	0.9				2		2	Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel	0.9		3	43	533	513	1092	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Microsoft SCOM	0.9				1		1	System Center Operations Manager
Sudo	0.9		1	2	6	5	14	Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
Windows Encrypting File System	0.9			2	9	5	16	Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
Windows Kernel	0.9		2	14	32	5	53	Windows Kernel
Windows LDAP	0.9		2	6	33	3	44	Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
nghttp2	0.9		2		2		4	nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
APT	0.8		1	8	41	12	62	A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
ASP.NET	0.8				3	1	4	An open-source, server-side web-application framework designed for web development
Adobe Reader	0.8		1		1		2	Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format files
Binutils	0.8		1	16	24		41	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium	0.8		4	7	31		42	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
FreeIPA	0.8			1	4	2	7	FreeIPA is a free and open source identity management system
GNOME desktop	0.8			8	52	9	69	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
GNU C Library	0.8		4	8	28	4	44	The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Google Chrome	0.8	2	10	39	51		102	Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
ICMP	0.8			1	5		6	The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
Mozilla Firefox	0.8		4	41	52	9	106	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty	0.8				3		3	Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Node.js	0.8		3	6	35	7	51	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSH	0.8	1	3	12	22	6	44	OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
OpenSSL	0.8	1	3	14	38	17	73	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
PHP	0.8	2	8	99	326	42	477	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
RPC	0.8			8	37	5	50	Remote Procedure Call Runtime
Safari	0.8		26	55	29		110	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Samba	0.8		8	10	21	5	44	Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
Visual Basic for Applications	0.8			1	1	2	4	Visual Basic for Applications is a computer programming language developed and owned by Microsoft
Webkit	0.8			2		1	3	WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
WinRAR	0.8				3	1	4	WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
Windows NTFS	0.8				13	1	14	The default file system of the Windows NT family
Windows Remote Desktop Protocol	0.8		1				1	Windows component
Xlib	0.8				1	1	2	Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language
Zoom	0.8				2		2	Zoom is the leader in modern enterprise video communications
libvpx	0.8			2	6		8	libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
libwebp	0.8				2		2	libwebp is a code library used to render and display images in the WebP format
.NET	0.7				5		5	.NET
.NET and Visual Studio	0.7				1		1	.NET and Visual Studio
Apache Tomcat	0.7	1		2	2	1	6	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server	0.7			2	11		13	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND	0.7		1	17	29	8	55	BIND is a suite of software for interacting with the Domain Name System
Babel	0.7		14	1	3		18	Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
Confluence	0.7				1		1	Confluence is a web-based corporate wiki
Curl	0.7			5	13	4	22	Curl is a command-line tool for transferring data specified with URL syntax
ESXi	0.7					3	3	VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
FFmpeg	0.7		8	17	100	3	128	FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes	0.7				6	4	10	Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
MariaDB	0.7				1	1	2	MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License
MediaWiki	0.7			7	81	32	120	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
Oracle MySQL	0.7				1		1	MySQL is an open-source relational database management system
Point-to-Point Tunneling Protocol	0.7			1	1		2	The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
QEMU	0.7			5	32	4	41	QEMU is a generic and open source machine & userspace emulator and virtualizer
SQLite	0.7			5	10	2	17	SQLite is a database engine written in the C programming language
Struts	0.7				1		1	Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON
VMware Tools	0.7				1		1	VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
Windows Security Center	0.7				1		1	Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems
iOS	0.7			17	21	6	44	iOS is an operating system developed and marketed by Apple Inc
macOS	0.7			2	1		3	macOS is an operating system developed and marketed by Apple Inc
vim	0.7			6	6	1	13	Vim is a free and open-source, screen-based text editor program
Apache ActiveMQ	0.6		1	1	5	3	10	Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
Bouncy Castle	0.6				3	6	9	Bouncy Castle is a collection of APIs used in cryptography
DirectX	0.6			2			2	DirectX
Eclipse Mosquitto	0.6				3	2	5	Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
Exim	0.6			1	12	4	17	Exim is a mail transfer agent (MTA) used on Unix-like operating systems
FreeRDP	0.6		5	1	7		13	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
ImageMagick	0.6			2	62	7	71	ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Internet Explorer	0.6			1	13	1	15	Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
Jetty	0.6			1	1	1	3	Jetty is a Java based web server and servlet engine
Microsoft Excel	0.6				1		1	MS Office product
Microsoft Word	0.6				1		1	Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Nokogiri	0.6				2		2	Nokogiri is an open source XML and HTML library for the Ruby programming language
Oracle Java SE	0.6				5	3	8	Oracle Java SE
Perl	0.6		1	52	370	194	617	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Puma	0.6				1		1	Puma is a Ruby/Rack web server built for parallelism
Python	0.6			22	70	43	135	Python is a high-level, general-purpose programming language
ReadyMedia	0.6				4		4	ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
Redis	0.6		2	1	7	5	15	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube	0.6		1	6	17	6	30	Roundcube is a web-based IMAP email client
Wireshark	0.6			14	139	43	196	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml2	0.6				3	2	5	libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
ownCloud	0.6				2	1	3	ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios
pgAdmin	0.6				1		1	pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
tiffcrop	0.6			2	2		4	Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
wpa_supplicant	0.6			1	4	1	6	wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
7-Zip	0.5				4		4	KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CNG	0.5				1		1	CNG
Cacti	0.5			19	30	32	81	Cacti is an open source operational monitoring and fault management framework
DNSSEC	0.5				4	6	10	The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
Docker	0.5			1	8	7	16	Docker
FRRouting	0.5				3	4	7	Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Flask	0.5				2	2	4	Flask is a lightweight WSGI web application framework
GDI	0.5			1	5	2	8	GDI
Group Policy	0.5				1		1	Group Policy
HID	0.5			3	7	13	23	HID
KeePass	0.5				2	1	3	7-Zip is a file archiver with a high compression ratio
LNK	0.5				3	3	6	LNK
Layer 2 Tunneling Protocol	0.5				1		1	Layer 2 Tunneling Protocol
Libarchive	0.5			1	10	1	12	Multi-format archive and compression library
NetBIOS	0.5			1			1	NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN)
NumPy	0.5				1	2	3	NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions
Openfire	0.5		1				1	Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License
Scripting Engine	0.5				1	1	2	Scripting Engine
TLS	0.5			10	37	50	97	TLS
TLS/SSL	0.5					2	2	TLS/SSL
TRIE	0.5			1	33	12	46	TRIE
VBScript	0.5				1		1	VBScript
WEBDAV	0.5				1		1	WEBDAV
Werkzeug	0.5				1		1	Werkzeug is a comprehensive WSGI web application library
Word PDF	0.5				1		1	Word PDF
Xrdp	0.5				4		4	xrdp is an open source remote desktop protocol server
libjpeg	0.5				13	7	20	libjpeg
nginx	0.5			7	5	1	13	Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
ntopng	0.5			2	3	1	6	ntopng is an open-source computer software for monitoring traffic on a computer network
spip	0.5				2	2	4	SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
Azure	0.4				3		3	Azure
Flatpak	0.4			1	1		2	Flatpak is a utility for software deployment and package management for Linux
GPAC	0.4			26	73	36	135	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Git	0.4			13	60	37	110	Git
LLDP	0.4				1		1	LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol)
Artifex Ghostscript	0.3				8	1	9	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
Visual Studio	0.3				1		1	Integrated development environment
Unknown Product	0		10	406	2489	3537	6442	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	5	88	415	1048	36	1592
Authentication Bypass	0.98	1	4	22	67	2	96
Code Injection	0.97	2	2	21	20		45
Command Injection	0.97		2	30	47		79
XXE Injection	0.97		1	5	23		29
Arbitrary File Writing	0.95			12	188	43	243
Security Feature Bypass	0.9	1	5	45	146	3	200
Elevation of Privilege	0.85		2	8	82	3	95
Arbitrary File Reading	0.83			7	49	12	68
Information Disclosure	0.83			43	283	53	379
Cross Site Scripting	0.8			92	458	135	685
Open Redirect	0.75				14	2	16
Denial of Service	0.7		7	228	1531	825	2591
Path Traversal	0.7		1	17	52	36	106
Incorrect Calculation	0.5		1	3	49	27	80
Memory Corruption	0.5		17	98	588	420	1123
Spoofing	0.4			2	5	5	12
Unknown Vulnerability Type	0		2	81	740	3214	4037

Source	U	C	H	M	L	A
almalinux		5	8	43	58	114
debian	9	131	1125	5371	4802	11438
oraclelinux		5	8	48	62	123
redhat		5	9	52	65	131
redos		7	15	57	24	103
ubuntu		11	9	180	213	413

Urgent (9)

1. Remote Code Execution - Apache HTTP Server (CVE-2021-42013) - Urgent [864]

Description: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

debian: CVE-2021-42013 was patched at 2024-05-15

2. Code Injection - PHP (CVE-2017-9841) - Urgent [842]

Description: {'vulners_cve_data_all': 'Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2017-9841 was patched at 2024-05-15

3. Remote Code Execution - Apache HTTP Server (CVE-2021-41773) - Urgent [840]

Description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

debian: CVE-2021-41773 was patched at 2024-05-15

4. Remote Code Execution - Google Chrome (CVE-2021-30632) - Urgent [835]

Description: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-30632 was patched at 2024-05-15

5. Remote Code Execution - Apache Tomcat (CVE-2022-22965) - Urgent [830]

Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

debian: CVE-2022-22965 was patched at 2024-05-15

6. Remote Code Execution - OpenSSL (CVE-2010-0742) - Urgent [823]

Description: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

debian: CVE-2010-0742 was patched at 2024-05-15

7. Code Injection - PHP (CVE-2009-1151) - Urgent [818]

Description: Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

debian: CVE-2009-1151 was patched at 2024-05-15

8. Security Feature Bypass - Google Chrome (CVE-2021-21220) - Urgent [817]

Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-21220 was patched at 2024-05-15

9. Authentication Bypass - OpenSSH (CVE-2019-6110) - Urgent [808]

Description: {'vulners_cve_data_all': 'In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2019-6110 was patched at 2024-05-15

Critical (132)

10. Security Feature Bypass - Apache ActiveMQ (CVE-2016-3088) - Critical [796]

Description: {'vulners_cve_data_all': 'The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2016-3088 was patched at 2024-05-15

11. Security Feature Bypass - Google Chrome (CVE-2021-30533) - Critical [794]

Description: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

debian: CVE-2021-30533 was patched at 2024-05-15

12. Elevation of Privilege - BIND (CVE-2020-0041) - Critical [780]

Description: In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

debian: CVE-2020-0041 was patched at 2024-05-15

13. Denial of Service - Node.js (CVE-2015-8858) - Critical [770]

Description: The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

debian: CVE-2015-8858 was patched at 2024-05-15

14. Memory Corruption - Google Chrome (CVE-2021-30633) - Critical [758]

Description: Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

debian: CVE-2021-30633 was patched at 2024-05-15

15. Memory Corruption - nghttp2 (CVE-2024-27983) - Critical [751]

Description: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

almalinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20

debian: CVE-2024-27983 was patched at 2024-05-15

oraclelinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-29, 2024-06-03

redos: CVE-2024-27983 was patched at 2024-04-25

16. Memory Corruption - Google Chrome (CVE-2021-21206) - Critical [746]

Description: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-21206 was patched at 2024-05-15

17. Memory Corruption - Google Chrome (CVE-2021-30551) - Critical [746]

Description: Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-30551 was patched at 2024-05-15

18. Memory Corruption - Google Chrome (CVE-2021-30563) - Critical [746]

Description: Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-30563 was patched at 2024-05-15

19. Path Traversal - Openfire (CVE-2023-32315) - Critical [720]

Description: Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

redos: CVE-2023-32315 was patched at 2024-05-03

20. Memory Corruption - Babel (CVE-2022-26127) - Critical [717]

Description: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.

debian: CVE-2022-26127 was patched at 2024-05-15

ubuntu: CVE-2022-26127 was patched at 2024-06-05

21. Memory Corruption - Babel (CVE-2022-26128) - Critical [717]

Description: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

debian: CVE-2022-26128 was patched at 2024-05-15

ubuntu: CVE-2022-26128 was patched at 2024-06-05

22. Memory Corruption - Babel (CVE-2022-26129) - Critical [717]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2022-26129 was patched at 2024-05-15

ubuntu: CVE-2022-26129 was patched at 2024-06-05

23. Denial of Service - HTTP/2 (CVE-2023-45288) - Critical [691]

Description: {'vulners_cve_data_all': 'An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2023-45288 was patched at 2024-04-23, 2024-04-29, 2024-04-30, 2024-05-06, 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2023-45288 was patched at 2024-05-15

oraclelinux: CVE-2023-45288 was patched at 2024-04-23, 2024-05-07, 2024-05-08, 2024-05-29

redhat: CVE-2023-45288 was patched at 2024-04-23, 2024-04-26, 2024-04-29, 2024-04-30, 2024-05-02, 2024-05-06, 2024-05-07, 2024-05-09, 2024-05-20, 2024-05-21, 2024-05-22, 2024-05-23, 2024-05-29

redos: CVE-2023-45288 was patched at 2024-04-22

24. Remote Code Execution - Unknown Product (CVE-2016-4437) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2016-4437 was patched at 2024-05-15

25. Remote Code Execution - Unknown Product (CVE-2019-17558) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2019-17558 was patched at 2024-05-15

26. Remote Code Execution - Unknown Product (CVE-2021-33035) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2021-33035 was patched at 2024-05-15

27. Remote Code Execution - Unknown Product (CVE-2022-25942) - Critical [690]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2022-25942 was patched at 2024-05-15

28. Remote Code Execution - Unknown Product (CVE-2022-25972) - Critical [690]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2022-25972 was patched at 2024-05-15

29. Remote Code Execution - Unknown Product (CVE-2022-26061) - Critical [690]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2022-26061 was patched at 2024-05-15

30. Security Feature Bypass - Chromium (CVE-2024-3838) - Critical [680]

Description: {'vulners_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-3838 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3838 was patched at 2024-05-03

31. Denial of Service - GNU C Library (CVE-2024-2961) - Critical [675]

Description: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

almalinux: CVE-2024-2961 was patched at 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2024-2961 was patched at 2024-04-23, 2024-05-15

oraclelinux: CVE-2024-2961 was patched at 2024-05-08, 2024-05-29, 2024-06-05

redhat: CVE-2024-2961 was patched at 2024-05-07, 2024-05-09, 2024-05-22, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

redos: CVE-2024-2961 was patched at 2024-05-03

ubuntu: CVE-2024-2961 was patched at 2024-04-18, 2024-04-29, 2024-05-02

32. Security Feature Bypass - Unknown Product (CVE-2020-35380) - Critical [672]

Description: {'vulners_cve_data_all': 'GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2020-35380 was patched at 2024-05-15

33. Denial of Service - Binutils (CVE-2017-16829) - Critical [669]

Description: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

debian: CVE-2017-16829 was patched at 2024-05-15

34. Unknown Vulnerability Type - Node.js (CVE-2015-8857) - Critical [669]

Description: {'vulners_cve_data_all': 'The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2015-8857 was patched at 2024-05-15

35. Denial of Service - nghttp2 (CVE-2024-28182) - Critical [650]

Description: {'vulners_cve_data_all': 'nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-30

debian: CVE-2024-28182 was patched at 2024-05-15

oraclelinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-30, 2024-06-03, 2024-06-06

redos: CVE-2024-28182 was patched at 2024-05-07

ubuntu: CVE-2024-28182 was patched at 2024-04-25, 2024-05-07

36. Unknown Vulnerability Type - Linux Kernel (CVE-2013-6282) - Critical [650]

Description: {'vulners_cve_data_all': 'The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2013-6282 was patched at 2024-05-15

37. Memory Corruption - Chromium (CVE-2024-3834) - Critical [645]

Description: Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-3834 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3834 was patched at 2024-05-03

38. Memory Corruption - Google Chrome (CVE-2021-30549) - Critical [645]

Description: Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-30549 was patched at 2024-05-15

39. Memory Corruption - Google Chrome (CVE-2021-30554) - Critical [645]

Description: Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

debian: CVE-2021-30554 was patched at 2024-05-15

40. Memory Corruption - Chromium (CVE-2024-4671) - Critical [639]

Description: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-4671 was patched at 2024-05-10, 2024-05-15

41. Remote Code Execution - Windows Kernel (CVE-2008-2430) - Critical [638]

Description: Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

debian: CVE-2008-2430 was patched at 2024-05-15

42. Denial of Service - Unknown Product (CVE-2020-36066) - Critical [636]

Description: {'vulners_cve_data_all': 'GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2020-36066 was patched at 2024-05-15

43. Remote Code Execution - GNU C Library (CVE-2002-0391) - Critical [633]

Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

debian: CVE-2002-0391 was patched at 2024-05-15

44. Remote Code Execution - GNU C Library (CVE-2014-9984) - Critical [633]

Description: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

debian: CVE-2014-9984 was patched at 2024-05-15

ubuntu: CVE-2014-9984 was patched at 2024-05-02

45. Remote Code Execution - Google Chrome (CVE-2012-2864) - Critical [633]

Description: Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."

debian: CVE-2012-2864 was patched at 2024-05-15

46. Remote Code Execution - Google Chrome (CVE-2020-6572) - Critical [633]

Description: Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

debian: CVE-2020-6572 was patched at 2024-05-15

47. Remote Code Execution - Mozilla Firefox (CVE-2009-3377) - Critical [633]

Description: Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

debian: CVE-2009-3377 was patched at 2024-05-15

48. Remote Code Execution - OpenSSL (CVE-2022-2274) - Critical [633]

Description: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

debian: CVE-2022-2274 was patched at 2024-05-15

49. Remote Code Execution - PHP (CVE-2021-32708) - Critical [633]

Description: Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

debian: CVE-2021-32708 was patched at 2024-05-15

50. Remote Code Execution - PHP (CVE-2023-24813) - Critical [633]

Description: Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it's possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

debian: CVE-2023-24813 was patched at 2024-05-15

51. Remote Code Execution - PHP (CVE-2023-28115) - Critical [633]

Description: Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.

debian: CVE-2023-28115 was patched at 2024-05-15

52. Remote Code Execution - Samba (CVE-2002-1318) - Critical [633]

Description: Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

debian: CVE-2002-1318 was patched at 2024-05-15

53. Remote Code Execution - Samba (CVE-2003-0085) - Critical [633]

Description: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

debian: CVE-2003-0085 was patched at 2024-05-15

54. Remote Code Execution - Samba (CVE-2003-0196) - Critical [633]

Description: Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

debian: CVE-2003-0196 was patched at 2024-05-15

55. Remote Code Execution - Samba (CVE-2003-0201) - Critical [633]

Description: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

debian: CVE-2003-0201 was patched at 2024-05-15

56. Remote Code Execution - Samba (CVE-2004-0600) - Critical [633]

Description: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

debian: CVE-2004-0600 was patched at 2024-05-15

57. Command Injection - Node.js (CVE-2019-10061) - Critical [627]

Description: utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.

debian: CVE-2019-10061 was patched at 2024-05-15

58. Remote Code Execution - Linux Kernel (CVE-2008-4395) - Critical [626]

Description: Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

debian: CVE-2008-4395 was patched at 2024-05-15

59. Remote Code Execution - Windows Kernel (CVE-2021-40826) - Critical [626]

Description: Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.

debian: CVE-2021-40826 was patched at 2024-05-15

60. Remote Code Execution - Windows LDAP (CVE-2006-3747) - Critical [626]

Description: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

debian: CVE-2006-3747 was patched at 2024-05-15

61. Memory Corruption - Unknown Product (CVE-2023-47212) - Critical [625]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-47212 was patched at 2024-05-15

62. Memory Corruption - FreeRDP (CVE-2024-32041) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.

debian: CVE-2024-32041 was patched at 2024-05-15

ubuntu: CVE-2024-32041 was patched at 2024-04-24

63. Memory Corruption - FreeRDP (CVE-2024-32458) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).

debian: CVE-2024-32458 was patched at 2024-05-15

ubuntu: CVE-2024-32458 was patched at 2024-04-24

64. Memory Corruption - FreeRDP (CVE-2024-32459) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

debian: CVE-2024-32459 was patched at 2024-05-15

ubuntu: CVE-2024-32459 was patched at 2024-04-24

65. Remote Code Execution - Google Chrome (CVE-2021-30526) - Critical [621]

Description: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

debian: CVE-2021-30526 was patched at 2024-05-15

66. Remote Code Execution - Mozilla Firefox (CVE-2009-3378) - Critical [621]

Description: The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

debian: CVE-2009-3378 was patched at 2024-05-15

67. Remote Code Execution - Mozilla Firefox (CVE-2010-1028) - Critical [621]

Description: Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

debian: CVE-2010-1028 was patched at 2024-05-15

68. Remote Code Execution - PHP (CVE-2018-14857) - Critical [621]

Description: Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

debian: CVE-2018-14857 was patched at 2024-05-15

69. Remote Code Execution - Safari (CVE-2008-2307) - Critical [621]

Description: Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

debian: CVE-2008-2307 was patched at 2024-05-15

70. Remote Code Execution - Safari (CVE-2009-1686) - Critical [621]

Description: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

debian: CVE-2009-1686 was patched at 2024-05-15

71. Remote Code Execution - Safari (CVE-2009-1701) - Critical [621]

Description: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

debian: CVE-2009-1701 was patched at 2024-05-15

72. Remote Code Execution - Safari (CVE-2009-1711) - Critical [621]

Description: WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

debian: CVE-2009-1711 was patched at 2024-05-15

73. Remote Code Execution - Safari (CVE-2009-1712) - Critical [621]

Description: WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

debian: CVE-2009-1712 was patched at 2024-05-15

74. Remote Code Execution - Safari (CVE-2017-2505) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2505 was patched at 2024-05-15

75. Remote Code Execution - Safari (CVE-2017-2514) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2514 was patched at 2024-05-15

76. Remote Code Execution - Safari (CVE-2017-2515) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2515 was patched at 2024-05-15

77. Remote Code Execution - Safari (CVE-2017-2521) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2521 was patched at 2024-05-15

78. Remote Code Execution - Safari (CVE-2017-2531) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2531 was patched at 2024-05-15

79. Remote Code Execution - Safari (CVE-2017-2536) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2536 was patched at 2024-05-15

80. Remote Code Execution - Safari (CVE-2017-2547) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-2547 was patched at 2024-05-15

81. Remote Code Execution - Safari (CVE-2017-6980) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

debian: CVE-2017-6980 was patched at 2024-05-15