{"cves":[{"cve_id":"CVE-2025-6021","summary":"A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00759,"ranking_epss":0.73278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2025:10630","https://access.redhat.com/errata/RHSA-2025:10698","https://access.redhat.com/errata/RHSA-2025:10699","https://access.redhat.com/errata/RHSA-2025:11580","https://access.redhat.com/errata/RHSA-2025:11673","https://access.redhat.com/errata/RHSA-2025:12098","https://access.redhat.com/errata/RHSA-2025:12099","https://access.redhat.com/errata/RHSA-2025:12199","https://access.redhat.com/errata/RHSA-2025:12237","https://access.redhat.com/errata/RHSA-2025:12239","https://access.redhat.com/errata/RHSA-2025:12240","https://access.redhat.com/errata/RHSA-2025:12241","https://access.redhat.com/errata/RHSA-2025:13267","https://access.redhat.com/errata/RHSA-2025:13289","https://access.redhat.com/errata/RHSA-2025:13325","https://access.redhat.com/errata/RHSA-2025:13335","https://access.redhat.com/errata/RHSA-2025:13336","https://access.redhat.com/errata/RHSA-2025:14059","https://access.redhat.com/errata/RHSA-2025:14396","https://access.redhat.com/errata/RHSA-2025:15308","https://access.redhat.com/errata/RHSA-2025:15672","https://access.redhat.com/errata/RHSA-2025:19020","https://access.redhat.com/security/cve/CVE-2025-6021","https://bugzilla.redhat.com/show_bug.cgi?id=2372406","https://gitlab.gnome.org/GNOME/libxml2/-/issues/926","https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html","https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"],"published_time":"2025-06-12T13:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2025-2784","summary":"A 
flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.","cvss":7.0,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.0,"epss":0.02145,"ranking_epss":0.84175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2025:21657","https://access.redhat.com/errata/RHSA-2025:7505","https://access.redhat.com/errata/RHSA-2025:8126","https://access.redhat.com/errata/RHSA-2025:8132","https://access.redhat.com/errata/RHSA-2025:8139","https://access.redhat.com/errata/RHSA-2025:8140","https://access.redhat.com/errata/RHSA-2025:8252","https://access.redhat.com/errata/RHSA-2025:8480","https://access.redhat.com/errata/RHSA-2025:8481","https://access.redhat.com/errata/RHSA-2025:8482","https://access.redhat.com/errata/RHSA-2025:8663","https://access.redhat.com/errata/RHSA-2025:9179","https://access.redhat.com/security/cve/CVE-2025-2784","https://bugzilla.redhat.com/show_bug.cgi?id=2354669","https://gitlab.gnome.org/GNOME/libsoup/-/issues/422","https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html","https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"],"published_time":"2025-04-03T03:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-12085","summary":"A flaw was found in rsync which could be triggered when rsync compares file checksums. 
This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.19143,"ranking_epss":0.95327,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2025:0324","https://access.redhat.com/errata/RHSA-2025:0325","https://access.redhat.com/errata/RHSA-2025:0637","https://access.redhat.com/errata/RHSA-2025:0688","https://access.redhat.com/errata/RHSA-2025:0714","https://access.redhat.com/errata/RHSA-2025:0774","https://access.redhat.com/errata/RHSA-2025:0787","https://access.redhat.com/errata/RHSA-2025:0790","https://access.redhat.com/errata/RHSA-2025:0849","https://access.redhat.com/errata/RHSA-2025:0884","https://access.redhat.com/errata/RHSA-2025:0885","https://access.redhat.com/errata/RHSA-2025:1120","https://access.redhat.com/errata/RHSA-2025:1123","https://access.redhat.com/errata/RHSA-2025:1128","https://access.redhat.com/errata/RHSA-2025:1225","https://access.redhat.com/errata/RHSA-2025:1227","https://access.redhat.com/errata/RHSA-2025:1242","https://access.redhat.com/errata/RHSA-2025:1451","https://access.redhat.com/errata/RHSA-2025:21885","https://access.redhat.com/errata/RHSA-2025:2701","https://access.redhat.com/security/cve/CVE-2024-12085","https://bugzilla.redhat.com/show_bug.cgi?id=2330539","https://kb.cert.org/vuls/id/952657","https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html","https://security.netapp.com/advisory/ntap-20250131-0002/","https://www.kb.cert.org/vuls/id/952657","https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"],"published_time":"2025-01-14T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-1086","summary":"A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to 
achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.86056,"ranking_epss":0.9939,"kev":true,"propose_action":"Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.","ransomware_campaign":"Known","references":["http://www.openwall.com/lists/oss-security/2024/04/10/22","http://www.openwall.com/lists/oss-security/2024/04/10/23","http://www.openwall.com/lists/oss-security/2024/04/14/1","http://www.openwall.com/lists/oss-security/2024/04/15/2","http://www.openwall.com/lists/oss-security/2024/04/17/5","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660","https://github.com/Notselwyn/CVE-2024-1086","https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660","https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html","https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/","https://news.ycombinator.com/item?id=39828424","https://pwning.tech/nftables/","https://security.netapp.com/advisory/ntap-20240614-0009/","http://www.openwall.com/lists/oss-security/2024/04/10/22","http://www.openwall.com/lists/oss-security/2024/04/10/23","http://www.openwall.com/lists/oss-security/2024/04/14/1","http://www.openwall.com/lists/oss-security/2024/04/15/2","http://www.openwall.com/lists/oss-security/2024/04/17/5","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39
165d8639387aa6c19dff660","https://github.com/Notselwyn/CVE-2024-1086","https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660","https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html","https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/","https://news.ycombinator.com/item?id=39828424","https://pwning.tech/nftables/","https://security.netapp.com/advisory/ntap-20240614-0009/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"],"published_time":"2024-01-31T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0408","summary":"A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is 
NULL.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00019,"ranking_epss":0.04846,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2024-0408","https://bugzilla.redhat.com/show_bug.cgi?id=2257689","https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2024-0408","https://bugzilla.redhat.com/show_bug.cgi?id=2257689","https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/","https://security.gentoo.org/glsa/202401-30","https://security.netapp.com/advisory/ntap-20240307-0006/"],"published_time":"2024-01-18T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2024-0409","summary":"A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. 
It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00018,"ranking_epss":0.04792,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2024-0409","https://bugzilla.redhat.com/show_bug.cgi?id=2257690","https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2024-0409","https://bugzilla.redhat.com/show_bug.cgi?id=2257690","https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/","https://security.gentoo.org/glsa/202401-30","https://security.netapp.com/advisory/ntap-20240307-0006/"],"published_time":"2024-01-18T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-6816","summary":"A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. 
Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.03264,"ranking_epss":0.87114,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:0557","https://access.redhat.com/errata/RHSA-2024:0558","https://access.redhat.com/errata/RHSA-2024:0597","https://access.redhat.com/errata/RHSA-2024:0607","https://access.redhat.com/errata/RHSA-2024:0614","https://access.redhat.com/errata/RHSA-2024:0617","https://access.redhat.com/errata/RHSA-2024:0621","https://access.redhat.com/errata/RHSA-2024:0626","https://access.redhat.com/errata/RHSA-2024:0629","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/errata/RHSA-2025:12751","https://access.redhat.com/security/cve/CVE-2023-6816","https://bugzilla.redhat.com/show_bug.cgi?id=2257691","http://www.openwall.com/lists/oss-security/2024/01/18/1","https://access.redhat.com/errata/RHSA-2024:0320","https://access.redhat.com/errata/RHSA-2024:0557","https://access.redhat.com/errata/RHSA-2024:0558","https://access.redhat.com/errata/RHSA-2024:0597","https://access.redhat.com/errata/RHSA-2024:0607","https://access.redhat.com/errata/RHSA-2024:0614","https://access.redhat.com/errata/RHSA-2024:0617","https://access.redhat.com/errata/RHSA-2024:0621","https://access.redhat.com/errata/RHSA-2024:0626","https://access.redhat.com/errata/RHSA-2024:0629","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2023-681
6","https://bugzilla.redhat.com/show_bug.cgi?id=2257691","https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/","https://security.gentoo.org/glsa/202401-30","https://security.netapp.com/advisory/ntap-20240307-0006/"],"published_time":"2024-01-18T05:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5455","summary":"A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. 
An attacker would always have to go through a new authentication attempt.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00304,"ranking_epss":0.53594,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2024:0137","https://access.redhat.com/errata/RHSA-2024:0138","https://access.redhat.com/errata/RHSA-2024:0139","https://access.redhat.com/errata/RHSA-2024:0140","https://access.redhat.com/errata/RHSA-2024:0141","https://access.redhat.com/errata/RHSA-2024:0142","https://access.redhat.com/errata/RHSA-2024:0143","https://access.redhat.com/errata/RHSA-2024:0144","https://access.redhat.com/errata/RHSA-2024:0145","https://access.redhat.com/security/cve/CVE-2023-5455","https://bugzilla.redhat.com/show_bug.cgi?id=2242828","https://www.freeipa.org/release-notes/4-10-3.html","https://www.freeipa.org/release-notes/4-11-1.html","https://www.freeipa.org/release-notes/4-6-10.html","https://www.freeipa.org/release-notes/4-9-14.html","https://access.redhat.com/errata/RHSA-2024:0137","https://access.redhat.com/errata/RHSA-2024:0138","https://access.redhat.com/errata/RHSA-2024:0139","https://access.redhat.com/errata/RHSA-2024:0140","https://access.redhat.com/errata/RHSA-2024:0141","https://access.redhat.com/errata/RHSA-2024:0142","https://access.redhat.com/errata/RHSA-2024:0143","https://access.redhat.com/errata/RHSA-2024:0144","https://access.redhat.com/errata/RHSA-2024:0145","https://access.redhat.com/errata/RHSA-2024:0252","https://access.redhat.com/security/cve/CVE-2023-5455","https://bugzilla.redhat.com/show_bug.cgi?id=2242828","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/","https://www.freeipa.org/release-notes/4-10-3.html","https://www.freeipa.org/release-notes/4-11-1.html","https://ww
w.freeipa.org/release-notes/4-6-10.html","https://www.freeipa.org/release-notes/4-9-14.html"],"published_time":"2024-01-10T13:15:48","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5869","summary":"A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.01608,"ranking_epss":0.81704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2023:7545","https://access.redhat.com/errata/RHSA-2023:7579","https://access.redhat.com/errata/RHSA-2023:7580","https://access.redhat.com/errata/RHSA-2023:7581","https://access.redhat.com/errata/RHSA-2023:7616","https://access.redhat.com/errata/RHSA-2023:7656","https://access.redhat.com/errata/RHSA-2023:7666","https://access.redhat.com/errata/RHSA-2023:7667","https://access.redhat.com/errata/RHSA-2023:7694","https://access.redhat.com/errata/RHSA-2023:7695","https://access.redhat.com/errata/RHSA-2023:7714","https://access.redhat.com/errata/RHSA-2023:7770","https://access.redhat.com/errata/RHSA-2023:7771","https://access.redhat.com/errata/RHSA-2023:7772","https://access.redhat.com/errata/RHSA-2023:7778","https://access.redhat.com/errata/RHSA-2023:7783","https://access.redhat.com/errata/RHSA-2023:7784","https://access.redhat.com/errata/RHSA-2023:7785","https://access.redhat.com/errata/RHSA-2023:7786","https://access.redhat.com/errata/RHSA-2023:7788","https://access.redhat.com/errata/RHSA-2023:7789","https://access.redhat.com/errata/RHSA-2023:7790","https://access.redhat.com/errata
/RHSA-2023:7878","https://access.redhat.com/errata/RHSA-2023:7883","https://access.redhat.com/errata/RHSA-2023:7884","https://access.redhat.com/errata/RHSA-2023:7885","https://access.redhat.com/errata/RHSA-2024:0304","https://access.redhat.com/errata/RHSA-2024:0332","https://access.redhat.com/errata/RHSA-2024:0337","https://access.redhat.com/security/cve/CVE-2023-5869","https://bugzilla.redhat.com/show_bug.cgi?id=2247169","https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/","https://www.postgresql.org/support/security/CVE-2023-5869/","https://access.redhat.com/errata/RHSA-2023:7545","https://access.redhat.com/errata/RHSA-2023:7579","https://access.redhat.com/errata/RHSA-2023:7580","https://access.redhat.com/errata/RHSA-2023:7581","https://access.redhat.com/errata/RHSA-2023:7616","https://access.redhat.com/errata/RHSA-2023:7656","https://access.redhat.com/errata/RHSA-2023:7666","https://access.redhat.com/errata/RHSA-2023:7667","https://access.redhat.com/errata/RHSA-2023:7694","https://access.redhat.com/errata/RHSA-2023:7695","https://access.redhat.com/errata/RHSA-2023:7714","https://access.redhat.com/errata/RHSA-2023:7770","https://access.redhat.com/errata/RHSA-2023:7771","https://access.redhat.com/errata/RHSA-2023:7772","https://access.redhat.com/errata/RHSA-2023:7778","https://access.redhat.com/errata/RHSA-2023:7783","https://access.redhat.com/errata/RHSA-2023:7784","https://access.redhat.com/errata/RHSA-2023:7785","https://access.redhat.com/errata/RHSA-2023:7786","https://access.redhat.com/errata/RHSA-2023:7788","https://access.redhat.com/errata/RHSA-2023:7789","https://access.redhat.com/errata/RHSA-2023:7790","https://access.redhat.com/errata/RHSA-2023:7878","https://access.redhat.com/errata/RHSA-2023:7883","https://access.redhat.com/errata/RHSA-2023:7884","https://access.redhat.com/errata/RHSA-2023:7885","https://access.redhat.com/errata/RHSA-2024:0304","https://access.redhat.com/errata/RHSA-2024:0332","https://access
.redhat.com/errata/RHSA-2024:0337","https://access.redhat.com/security/cve/CVE-2023-5869","https://bugzilla.redhat.com/show_bug.cgi?id=2247169","https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html","https://security.netapp.com/advisory/ntap-20240119-0003/","https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/","https://www.postgresql.org/support/security/CVE-2023-5869/"],"published_time":"2023-12-10T18:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-46847","summary":"Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"epss":0.38209,"ranking_epss":0.97205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2023:6266","https://access.redhat.com/errata/RHSA-2023:6267","https://access.redhat.com/errata/RHSA-2023:6268","https://access.redhat.com/errata/RHSA-2023:6748","https://access.redhat.com/errata/RHSA-2023:6801","https://access.redhat.com/errata/RHSA-2023:6803","https://access.redhat.com/errata/RHSA-2023:6804","https://access.redhat.com/errata/RHSA-2023:6805","https://access.redhat.com/errata/RHSA-2023:6810","https://access.redhat.com/errata/RHSA-2023:6882","https://access.redhat.com/errata/RHSA-2023:6884","https://access.redhat.com/errata/RHSA-2023:7213","https://access.redhat.com/errata/RHSA-2023:7576","https://access.redhat.com/errata/RHSA-2023:7578","https://access.redhat.com/security/cve/CVE-2023-46847","https://bugzilla.redhat.com/show_bug.cgi?id=2245916","https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g","https://access.redhat.com/errata/RHSA-2023:6266","https://access.redhat.com/errata/RHSA-2023:6267","https://access.redhat.com/errata/RHSA-2023:6268","https://acc
ess.redhat.com/errata/RHSA-2023:6748","https://access.redhat.com/errata/RHSA-2023:6801","https://access.redhat.com/errata/RHSA-2023:6803","https://access.redhat.com/errata/RHSA-2023:6804","https://access.redhat.com/errata/RHSA-2023:6805","https://access.redhat.com/errata/RHSA-2023:6810","https://access.redhat.com/errata/RHSA-2023:6882","https://access.redhat.com/errata/RHSA-2023:6884","https://access.redhat.com/errata/RHSA-2023:7213","https://access.redhat.com/errata/RHSA-2023:7576","https://access.redhat.com/errata/RHSA-2023:7578","https://access.redhat.com/security/cve/CVE-2023-46847","https://bugzilla.redhat.com/show_bug.cgi?id=2245916","https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g","https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html","https://security.netapp.com/advisory/ntap-20231130-0002/"],"published_time":"2023-11-03T08:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3972","summary":"A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. 
After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":8e-05,"ranking_epss":0.00785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2023:6264","https://access.redhat.com/errata/RHSA-2023:6282","https://access.redhat.com/errata/RHSA-2023:6283","https://access.redhat.com/errata/RHSA-2023:6284","https://access.redhat.com/errata/RHSA-2023:6795","https://access.redhat.com/errata/RHSA-2023:6796","https://access.redhat.com/errata/RHSA-2023:6798","https://access.redhat.com/errata/RHSA-2023:6811","https://access.redhat.com/security/cve/CVE-2023-3972","https://bugzilla.redhat.com/show_bug.cgi?id=2227027","https://github.com/RedHatInsights/insights-core/pull/3878","https://access.redhat.com/errata/RHSA-2023:6264","https://access.redhat.com/errata/RHSA-2023:6282","https://access.redhat.com/errata/RHSA-2023:6283","https://access.redhat.com/errata/RHSA-2023:6284","https://access.redhat.com/errata/RHSA-2023:6795","https://access.redhat.com/errata/RHSA-2023:6796","https://access.redhat.com/errata/RHSA-2023:6798","https://access.redhat.com/errata/RHSA-2023:6811","https://access.redhat.com/security/cve/CVE-2023-3972","https://bugzilla.redhat.com/show_bug.cgi?id=2227027","https://github.com/RedHatInsights/insights-core/pull/3878"],"published_time":"2023-11-01T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-5367","summary":"A out-of-bounds write flaw was found in the xorg-x11-server. 
This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00064,"ranking_epss":0.20116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2023:6802","https://access.redhat.com/errata/RHSA-2023:6808","https://access.redhat.com/errata/RHSA-2023:7373","https://access.redhat.com/errata/RHSA-2023:7388","https://access.redhat.com/errata/RHSA-2023:7405","https://access.redhat.com/errata/RHSA-2023:7428","https://access.redhat.com/errata/RHSA-2023:7436","https://access.redhat.com/errata/RHSA-2023:7526","https://access.redhat.com/errata/RHSA-2023:7533","https://access.redhat.com/errata/RHSA-2024:0010","https://access.redhat.com/errata/RHSA-2024:0128","https://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/errata/RHSA-2025:12751","https://access.redhat.com/security/cve/CVE-2023-5367","https://bugzilla.redhat.com/show_bug.cgi?id=2243091","https://lists.x.org/archives/xorg-announce/2023-October/003430.html","https://access.redhat.com/errata/RHSA-2023:6802","https://access.redhat.com/errata/RHSA-2023:6808","https://access.redhat.com/errata/RHSA-2023:7373","https://access.redhat.com/errata/RHSA-2023:7388","https://access.redhat.com/errata/RHSA-2023:7405","https://access.redhat.com/errata/RHSA-2023:7428","https://access.redhat.com/errata/RHSA-2023:7436","https://access.redhat.com/errata/RHSA-2023:7526","https://access.redhat.com/errata/RHSA-2023:7533","https://access.redhat.com/errata/RHSA-2024:0010","https://access.redhat.com/errata/RHSA-2024:0128","h
ttps://access.redhat.com/errata/RHSA-2024:2169","https://access.redhat.com/errata/RHSA-2024:2170","https://access.redhat.com/errata/RHSA-2024:2995","https://access.redhat.com/errata/RHSA-2024:2996","https://access.redhat.com/security/cve/CVE-2023-5367","https://bugzilla.redhat.com/show_bug.cgi?id=2243091","https://lists.debian.org/debian-lts-announce/2023/10/msg00036.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/","https://lists.x.org/archives/xorg-announce/2023-October/003430.html","https://security.gentoo.org/glsa/202401-30","https://security.netapp.com/advisory/ntap-20231130-0004/","https://www.debian.org/security/2023/dsa-5534"],"published_time":"2023-10-25T20:15:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-3899","summary":"A vulnerability was found in subscription-manager that allows local privilege escalation due to 
inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00026,"ranking_epss":0.07174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2023:4701","https://access.redhat.com/errata/RHSA-2023:4702","https://access.redhat.com/errata/RHSA-2023:4703","https://access.redhat.com/errata/RHSA-2023:4704","https://access.redhat.com/errata/RHSA-2023:4705","https://access.redhat.com/errata/RHSA-2023:4706","https://access.redhat.com/errata/RHSA-2023:4707","https://access.redhat.com/errata/RHSA-2023:4708","https://access.redhat.com/security/cve/CVE-2023-3899","https://bugzilla.redhat.com/show_bug.cgi?id=2225407","https://access.redhat.com/errata/RHSA-2023:4701","https://access.redhat.com/errata/RHSA-2023:4702","https://access.redhat.com/errata/RHSA-2023:4703","https://access.redhat.com/errata/RHSA-2023:4704","https://access.redhat.com/errata/RHSA-2023:4705","https://access.redhat.com/errata/RHSA-2023:4706","https://access.redhat.com/errata/RHSA-2023:4707","https://access.redhat.com/errata/RHSA-2023:4708","https://access.redhat.com/security/cve/CVE-2023-3899","https://bugzilla.redhat.com/show_bug.cgi?id=2225407","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJHKSBBZRDFOBNDU35FUKMYQIQYT6UJQ/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDIHGNLS3TZVX7X2F735OKI4KXPY4AH6/"],"pub
lished_time":"2023-08-23T11:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0179","summary":"A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.0048,"ranking_epss":0.65052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2161713","https://seclists.org/oss-sec/2023/q1/20","https://security.netapp.com/advisory/ntap-20230511-0003/","http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html","https://bugzilla.redhat.com/show_bug.cgi?id=2161713","https://seclists.org/oss-sec/2023/q1/20","https://security.netapp.com/advisory/ntap-20230511-0003/"],"published_time":"2023-03-27T22:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2023-0494","summary":"A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. 
This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.","cvss":7.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.8,"epss":0.00613,"ranking_epss":0.69777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2165995","https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec","https://lists.x.org/archives/xorg-announce/2023-February/003320.html","https://security.gentoo.org/glsa/202305-30","https://bugzilla.redhat.com/show_bug.cgi?id=2165995","https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec","https://lists.x.org/archives/xorg-announce/2023-February/003320.html","https://security.gentoo.org/glsa/202305-30"],"published_time":"2023-03-27T21:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8720","summary":"A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. 
Improved memory handling addresses the multiple memory corruption issues.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.04099,"ranking_epss":0.88558,"kev":true,"propose_action":"WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.","ransomware_campaign":"Unknown","references":["https://bugzilla.redhat.com/show_bug.cgi?id=1876611","https://webkitgtk.org/security/WSA-2019-0005.html","https://bugzilla.redhat.com/show_bug.cgi?id=1876611","https://webkitgtk.org/security/WSA-2019-0005.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"],"published_time":"2023-03-06T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-4254","summary":"sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.00078,"ranking_epss":0.23321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2022-4254","https://bugzilla.redhat.com/show_bug.cgi?id=2149894","https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","https://github.com/SSSD/sssd/issues/5135","https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html","https://access.redhat.com/security/cve/CVE-2022-4254","https://bugzilla.redhat.com/show_bug.cgi?id=2149894","https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274","https://github.com/SSSD/sssd/issues/5135","https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"],"published_time":"2023-02-01T17:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-0144","summary":"QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to 
execute arbitrary code on the host with the privileges of the QEMU process.","cvss":8.6,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.6,"epss":0.00642,"ranking_epss":0.70546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","https://bugzilla.redhat.com/show_bug.cgi?id=1079240","https://www.vulnerabilitycenter.com/#%21vul=44767","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6","http://git.q
emu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","https://bugzilla.redhat.com/show_bug.cgi?id=1079240","https://www.vulnerabilitycenter.com/#%21vul=44767"],"published_time":"2022-09-29T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-0147","summary":"Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() 
routine.","cvss":6.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.2,"epss":0.00121,"ranking_epss":0.31186,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","http://www.openwall.com/lists/oss-security/2014/03/26/8","https://bugzilla.redhat.com/show_bug.cgi?id=1078848","https://bugzilla.redhat.com/show_bug.cgi?id=1086717","http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=246f65838d19db6db55bfb41117c35645a2c4789","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","http://www.openwall.com/lists/oss-security/2014/03/26/8","https://bugzilla.redhat.com/show_bug.cgi?id=1078848","https://bugzilla.redhat.com/show_bug.cgi?id=1086717"],"published_time":"2022-09-29T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-0148","summary":"Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. 
A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00118,"ranking_epss":0.30759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","http://www.openwall.com/lists/oss-security/2014/03/26/8","https://bugzilla.redhat.com/show_bug.cgi?id=1078212","https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html","http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=1d7678dec4761acdc43439da6ceda41a703ba1a6","http://rhn.redhat.com/errata/RHSA-2014-0420.html","http://rhn.redhat.com/errata/RHSA-2014-0421.html","http://www.openwall.com/lists/oss-security/2014/03/26/8","https://bugzilla.redhat.com/show_bug.cgi?id=1078212","https://lists.gnu.org/archive/html/qemu-devel/2014-03/msg04994.html"],"published_time":"2022-09-29T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-1931","summary":"IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a 
file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.5,"epss":0.00053,"ranking_epss":0.16623,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html","http://rhn.redhat.com/errata/RHSA-2015-1485.html","http://rhn.redhat.com/errata/RHSA-2015-1486.html","http://rhn.redhat.com/errata/RHSA-2015-1488.html","http://rhn.redhat.com/errata/RHSA-2015-1544.html","http://rhn.redhat.com/errata/RHSA-2015-1604.html","http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182","http://www-01.ibm.com/support/docview.wss?uid=swg21962302","http://www.securityfocus.com/bid/75985","http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00014.html","http://rhn.redhat.com/errata/RHSA-2015-1485.html","http://rhn.redhat.com/errata/RHSA-2015-1486.html","http://rhn.redhat.com/errata/RHSA-2015-1488.html","http://rhn.redhat.com/errata/RHSA-2015-1544.html","http://rhn.redhat.com/errata/RHSA-2015-1604.html","http://www-01.ibm.com/support/docview.wss?uid=swg1IV75182","http://www-01.ibm.com/support/docview.wss?uid=swg21962302","http://www.securityfocus.com/bid/75985"],"published_time":"2022-09-29T03:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2738","summary":"The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. 
This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.","cvss":7.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.5,"epss":0.00554,"ranking_epss":0.68027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2022-2738","https://bugzilla.redhat.com/show_bug.cgi?id=2116923","https://access.redhat.com/security/cve/CVE-2022-2738","https://bugzilla.redhat.com/show_bug.cgi?id=2116923"],"published_time":"2022-09-01T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-2739","summary":"The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.","cvss":5.3,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":5.3,"epss":0.00169,"ranking_epss":0.38157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/CVE-2022-2739","https://bugzilla.redhat.com/show_bug.cgi?id=2116927","https://access.redhat.com/security/cve/CVE-2022-2739","https://bugzilla.redhat.com/show_bug.cgi?id=2116927"],"published_time":"2022-09-01T21:15:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-23238","summary":"Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and 
content.","cvss":6.5,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":6.5,"epss":0.00749,"ranking_epss":0.7308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.netapp.com/advisory/NTAP-20220808-0001/","https://security.netapp.com/advisory/NTAP-20220808-0001/"],"published_time":"2022-08-10T20:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-1227","summary":"A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.33719,"ranking_epss":0.96926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2070368","https://github.com/containers/podman/issues/10941","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/","https://security.netapp.com/advisory/ntap-20240628-0001/","https://bugzilla.redhat.com/show_bug.cgi?id=2070368","https://github.com/containers/podman/issues/10941","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/","https://security.netapp.com/advisory/ntap-20240628-0001/"],"published_time":"2022-04-29T16:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2022-0330","summary":"A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. 
This flaw allows a local user to crash the system or escalate their privileges on the system.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00039,"ranking_epss":0.11696,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/11/30/1","https://bugzilla.redhat.com/show_bug.cgi?id=2042404","https://security.netapp.com/advisory/ntap-20220526-0001/","https://www.openwall.com/lists/oss-security/2022/01/25/12","http://www.openwall.com/lists/oss-security/2022/11/30/1","https://bugzilla.redhat.com/show_bug.cgi?id=2042404","https://security.netapp.com/advisory/ntap-20220526-0001/","https://www.openwall.com/lists/oss-security/2022/01/25/12"],"published_time":"2022-03-25T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-3656","summary":"A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. 
As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"epss":0.00072,"ranking_epss":0.21989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1983988","https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc","https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc","https://www.openwall.com/lists/oss-security/2021/08/16/1","https://bugzilla.redhat.com/show_bug.cgi?id=1983988","https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc","https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc","https://www.openwall.com/lists/oss-security/2021/08/16/1"],"published_time":"2022-03-04T19:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-44142","summary":"The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide \"...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.\" Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. 
A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":8.8,"epss":0.30651,"ranking_epss":0.96698,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.samba.org/show_bug.cgi?id=14914","https://kb.cert.org/vuls/id/119678","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2021-44142.html","https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin","https://bugzilla.samba.org/show_bug.cgi?id=14914","https://kb.cert.org/vuls/id/119678","https://security.gentoo.org/glsa/202309-06","https://www.kb.cert.org/vuls/id/119678","https://www.samba.org/samba/security/CVE-2021-44142.html","https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin"],"published_time":"2022-02-21T15:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4091","summary":"A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. 
An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00343,"ranking_epss":0.56914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2030307","https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html","https://bugzilla.redhat.com/show_bug.cgi?id=2030307","https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html","https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"],"published_time":"2022-02-18T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-2124","summary":"A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00814,"ranking_epss":0.74232,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019660","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2016-2124.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019660","https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2016-2124.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-25717","summary":"A flaw was found in the way Samba maps domain users to local users. 
An authenticated attacker could use this flaw to cause possible privilege escalation.","cvss":8.1,"cvss_version":3.0,"cvss_v2":8.5,"cvss_v3":8.1,"epss":0.00518,"ranking_epss":0.66718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=2019672","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25717.html","https://bugzilla.redhat.com/show_bug.cgi?id=2019672","https://security.gentoo.org/glsa/202309-06","https://www.samba.org/samba/security/CVE-2020-25717.html"],"published_time":"2022-02-18T18:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-4034","summary":"A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. 
When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.8794,"ranking_epss":0.99473,"kev":true,"propose_action":"The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html","https://access.redhat.com/security/vulnerabilities/RHSB-2022-001","https://bugzilla.redhat.com/show_bug.cgi?id=2025869","https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf","https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt","https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/","https://www.starwindsoftware.com/security/sw-20220818-0001/","https://www.suse.com/support/kb/doc/?id=000020564","http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html","http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html","https://access.redhat.com/security/vulnerabilities/RHSB-2022-001","https://bugzilla.redhat.com/show_bug.cgi?id=2025869","https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf","https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt","https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/","https://www.starwindsoft
ware.com/security/sw-20220818-0001/","https://www.suse.com/support/kb/doc/?id=000020564","https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"],"published_time":"2022-01-28T20:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2021-40438","summary":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.","cvss":9.0,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.0,"epss":0.94432,"ranking_epss":0.99985,"kev":true,"propose_action":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.","ransomware_campaign":"Unknown","references":["https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","https://lists
.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211008-0004/","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","https://www.debian.org/security/2021/dsa-4982","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2021-17","https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYS
R3BXT36FFF4XTCPL3HDQK4VP45R/","https://security.gentoo.org/glsa/202208-20","https://security.netapp.com/advisory/ntap-20211008-0004/","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","https://www.debian.org/security/2021/dsa-4982","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.tenable.com/security/tns-2021-17","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40438"],"published_time":"2021-09-16T15:15:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14850","summary":"A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.","cvss":3.7,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.7,"epss":0.00299,"ranking_epss":0.53188,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=1757258","https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html","https://bugzilla.redhat.com/show_bug.cgi?id=1757258","https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html"],"published_time":"2021-03-18T19:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3864","summary":"A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. 
A DOM object context may not have had a unique security origin.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00055,"ranking_epss":0.17505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210922","https://support.apple.com/en-us/HT210923","https://support.apple.com/en-us/HT210947","https://support.apple.com/en-us/HT210948","https://support.apple.com/en-us/HT210918","https://support.apple.com/en-us/HT210920","https://support.apple.com/en-us/HT210922","https://support.apple.com/en-us/HT210923","https://support.apple.com/en-us/HT210947","https://support.apple.com/en-us/HT210948"],"published_time":"2020-10-27T21:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8846","summary":"A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.0057,"ranking_epss":0.68549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8844","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.02982,"ranking_epss":0.86486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210789","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8835","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.0057,"ranking_epss":0.68549,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795","https://support.apple.com/en-us/HT210785","https://support.apple.com/en-us/HT210790","https://support.apple.com/en-us/HT210792","https://support.apple.com/en-us/HT210793","https://support.apple.com/en-us/HT210794","https://support.apple.com/en-us/HT210795"],"published_time":"2020-10-27T20:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14300","summary":"The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. 
Both earlier and later versions are not affected.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.00267,"ranking_epss":0.50219,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2020:0427","https://access.redhat.com/security/cve/CVE-2016-9962","https://access.redhat.com/security/vulnerabilities/cve-2016-9962","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9962","https://access.redhat.com/errata/RHBA-2020:0427","https://access.redhat.com/security/cve/CVE-2016-9962","https://access.redhat.com/security/vulnerabilities/cve-2016-9962","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9962"],"published_time":"2020-07-13T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-14298","summary":"The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. 
Both earlier and later versions are not affected.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.00132,"ranking_epss":0.32849,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2020:0427","https://access.redhat.com/security/cve/CVE-2020-14298","https://access.redhat.com/security/vulnerabilities/runcescape","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736","https://access.redhat.com/errata/RHBA-2020:0427","https://access.redhat.com/security/cve/CVE-2020-14298","https://access.redhat.com/security/vulnerabilities/runcescape","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-5736"],"published_time":"2020-07-13T21:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10751","summary":"A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further 
processing.","cvss":6.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":6.1,"epss":0.00084,"ranking_epss":0.24607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://www.openwall.com/lists/oss-security/2020/05/27/3","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/","https://usn.ubuntu.com/4389-1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4391-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/04/30/5","https://www.oracle.com/security-alerts/cpuApr2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html","http://www.openwall.com/lists/oss-security/2020/05/27/3","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6","https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html","https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html","https://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg%40mail.gmail.com/","https://usn.ubuntu.com/4389-
1/","https://usn.ubuntu.com/4390-1/","https://usn.ubuntu.com/4391-1/","https://usn.ubuntu.com/4412-1/","https://usn.ubuntu.com/4413-1/","https://www.debian.org/security/2020/dsa-4698","https://www.debian.org/security/2020/dsa-4699","https://www.openwall.com/lists/oss-security/2020/04/30/5","https://www.oracle.com/security-alerts/cpuApr2021.html"],"published_time":"2020-05-26T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-10531","summary":"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0079,"ranking_epss":0.73839,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html","https://access.redhat.com/errata/RHSA-2020:0738","https://bugs.chromium.org/p/chromium/issues/detail?id=1044570","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08","https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca","https://github.com/unicode-org/icu/pull/971","https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-15","https://unicode-org.atlassian.net/browse/ICU-20958","https://usn.ubuntu.com/4305-1/","https://www.debian.org
/security/2020/dsa-4646","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00004.html","https://access.redhat.com/errata/RHSA-2020:0738","https://bugs.chromium.org/p/chromium/issues/detail?id=1044570","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08","https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca","https://github.com/unicode-org/icu/pull/971","https://lists.debian.org/debian-lts-announce/2020/03/msg00024.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-15","https://unicode-org.atlassian.net/browse/ICU-20958","https://usn.ubuntu.com/4305-1/","https://www.debian.org/security/2020/dsa-4646","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2020-03-12T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6383","summary":"Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.2402,"ranking_epss":0.96013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1051017","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638","https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1051017","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-27T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6384","summary":"Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02429,"ranking_epss":0.85097,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1048473","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638","https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1048473","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-27T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6386","summary":"Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02532,"ranking_epss":0.8539,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1043603","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638","https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_18.html","https://crbug.com/1043603","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-27T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6418","summary":"Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.85227,"ranking_epss":0.99353,"kev":true,"propose_action":"Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html","https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://crbug.com/1053604","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html","https://access.redhat.com/errata/RHSA-2020:0738","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html","https://crbug.com/1053604","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6418"],"published_time":"2020-02-27T23:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-3757","summary":"Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. 
Successful exploitation could lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.05414,"ranking_epss":0.90111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0513","https://helpx.adobe.com/security/products/flash-player/apsb20-06.html","https://security.gentoo.org/glsa/202003-61","https://access.redhat.com/errata/RHSA-2020:0513","https://helpx.adobe.com/security/products/flash-player/apsb20-06.html","https://security.gentoo.org/glsa/202003-61"],"published_time":"2020-02-13T16:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-8945","summary":"The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"epss":0.01939,"ranking_epss":0.83373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0679","https://access.redhat.com/errata/RHSA-2020:0689","https://access.redhat.com/errata/RHSA-2020:0697","https://bugzilla.redhat.com/show_bug.cgi?id=1795838","https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1","https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1","https://github.com/proglottis/gpgme/pull/23","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXV7
NZELYWRRCXATXU3FYD3G3WJT3WYM/","https://access.redhat.com/errata/RHSA-2020:0679","https://access.redhat.com/errata/RHSA-2020:0689","https://access.redhat.com/errata/RHSA-2020:0697","https://bugzilla.redhat.com/show_bug.cgi?id=1795838","https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1","https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1","https://github.com/proglottis/gpgme/pull/23","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/"],"published_time":"2020-02-12T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-4535","summary":"The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial 
read.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"epss":0.0038,"ranking_epss":0.59458,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4","http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html","http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html","http://rhn.redhat.com/errata/RHSA-2014-0743.html","http://rhn.redhat.com/errata/RHSA-2014-0744.html","https://bugzilla.redhat.com/show_bug.cgi?id=1066401","http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=36cf2a37132c7f01fa9adb5f95f5312b27742fd4","http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html","http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html","http://rhn.redhat.com/errata/RHSA-2014-0743.html","http://rhn.redhat.com/errata/RHSA-2014-0744.html","https://bugzilla.redhat.com/show_bug.cgi?id=1066401"],"published_time":"2020-02-11T16:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6415","summary":"Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02916,"ranking_epss":0.86338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1029576","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1029576","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6416","summary":"Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03893,"ranking_epss":0.88224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1031895","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1031895","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6396","summary":"Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01379,"ranking_epss":0.80227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035271","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035271","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6397","summary":"Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01379,"ranking_epss":0.80227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1027408","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1027408","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6398","summary":"Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02199,"ranking_epss":0.84365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1032090","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1032090","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6400","summary":"Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01918,"ranking_epss":0.83281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1038036","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1038036","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6402","summary":"Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome 
Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03167,"ranking_epss":0.86899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1029375","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1029375","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6403","summary":"Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01379,"ranking_epss":0.80227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1006012","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1006012","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6404","summary":"Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01754,"ranking_epss":0.82532,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1024256","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1024256","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6406","summary":"Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02916,"ranking_epss":0.86338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1042254","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1042254","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6408","summary":"Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01238,"ranking_epss":0.79198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1026546","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1026546","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6381","summary":"Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02916,"ranking_epss":0.86338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1034394","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1034394","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6382","summary":"Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02916,"ranking_epss":0.86338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1031909","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1031909","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6385","summary":"Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01421,"ranking_epss":0.80556,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035399","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035399","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6390","summary":"Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.07149,"ranking_epss":0.91524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","http://packetstormsecurity.com/files/157419/Chrome-ReadableStream-Close-Out-Of-Bounds-Access.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1045874","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","http://packetstormsecurity.com/files/157419/Chrome-ReadableStream-Close-Out-Of-Bounds-Access.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1045874","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6391","summary":"Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security 
policy via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01288,"ranking_epss":0.79609,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1017871","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1017871","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6392","summary":"Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome 
Extension.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01288,"ranking_epss":0.79609,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1030411","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1030411","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6393","summary":"Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01456,"ranking_epss":0.80775,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035058","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1035058","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6394","summary":"Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML 
page.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.4,"epss":0.01071,"ranking_epss":0.77707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1014371","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html","https://crbug.com/1014371","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4638"],"published_time":"2020-02-11T15:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-15605","summary":"HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is 
malformed","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.32252,"ranking_epss":0.96816,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html","https://access.redhat.com/errata/RHSA-2020:0573","https://access.redhat.com/errata/RHSA-2020:0579","https://access.redhat.com/errata/RHSA-2020:0597","https://access.redhat.com/errata/RHSA-2020:0598","https://access.redhat.com/errata/RHSA-2020:0602","https://access.redhat.com/errata/RHSA-2020:0703","https://access.redhat.com/errata/RHSA-2020:0707","https://access.redhat.com/errata/RHSA-2020:0708","https://hackerone.com/reports/735748","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/","https://nodejs.org/en/blog/release/v10.19.0/","https://nodejs.org/en/blog/release/v12.15.0/","https://nodejs.org/en/blog/release/v13.8.0/","https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/","https://security.gentoo.org/glsa/202003-48","https://security.netapp.com/advisory/ntap-20200221-0004/","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00008.html","https://access.redhat.com/errata/RHSA-2020:0573","https://access.redhat.com/errata/RHSA-2020:0579","https://access.redhat.com/errata/RHSA-2020:0597","https://access.redhat.com/errata/RHSA-2020:0598","https://access.redhat.com/errata/RHSA-2020:0602","https://access.redhat.com/errata/RHSA-2020:0703","https://access.redhat.com/errata/RHSA-2020:0707","https://access.redhat.com/errata/RHSA-2020:0708","https://hackerone.com/reports/735748","https://lists.fedoraproject.org/arch
ives/list/package-announce%40lists.fedoraproject.org/message/CT3WTR4P5VAJ3GJGKPYEDUPTNZ3IEDUR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLB676PDU4RJQLWQUA277YNGYYNEYGWO/","https://nodejs.org/en/blog/release/v10.19.0/","https://nodejs.org/en/blog/release/v12.15.0/","https://nodejs.org/en/blog/release/v13.8.0/","https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/","https://security.gentoo.org/glsa/202003-48","https://security.netapp.com/advisory/ntap-20200221-0004/","https://www.debian.org/security/2020/dsa-4669","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2020-02-07T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2013-4166","summary":"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive 
information.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01005,"ranking_epss":0.76988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2013-1540.html","http://seclists.org/oss-sec/2013/q3/191","https://bugzilla.redhat.com/show_bug.cgi?id=973728","https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5","https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d","http://rhn.redhat.com/errata/RHSA-2013-1540.html","http://seclists.org/oss-sec/2013/q3/191","https://bugzilla.redhat.com/show_bug.cgi?id=973728","https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5","https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d"],"published_time":"2020-02-06T15:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8141","summary":"Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.08072,"ranking_epss":0.92119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174856","http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174856"],"published_time":"2020-01-31T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8139","summary":"Heap-based buffer overflow in the CRC32 
verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.08072,"ranking_epss":0.92119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844","http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174844"],"published_time":"2020-01-31T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8140","summary":"Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.08072,"ranking_epss":0.92119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174851","http://www.ocert.org/advisories/ocert-2014-011.html","http://www.securitytracker.com/id/1031433","https://access.redhat.com/errata/RHSA-2015:0700","https://bugzilla.redhat.com/show_bug.cgi?id=1174851"],"published_time":"2020-01-31T22:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-4088","summary":"ABRT might allow attackers to obtain sensitive information from crash 
reports.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00745,"ranking_epss":0.72996,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/71871","http://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html","https://exchange.xforce.ibmcloud.com/vulnerabilities/71871"],"published_time":"2020-01-31T17:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2659","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00293,"ranking_epss":0.52573,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2601","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"epss":0.00714,"ranking_epss":0.72291,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2604","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.01699,"ranking_epss":0.82234,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2021.html"],"published_time":"2020-01-15T17:15:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2583","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00519,"ranking_epss":0.66761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2590","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00449,"ranking_epss":0.63577,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-2593","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"epss":0.0064,"ranking_epss":0.70495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html","https://access.redhat.com/errata/RHSA-2020:0122","https://access.redhat.com/errata/RHSA-2020:0128","https://access.redhat.com/errata/RHSA-2020:0157","https://access.redhat.com/errata/RHSA-2020:0196","https://access.redhat.com/errata/RHSA-2020:0202","https://access.redhat.com/errata/RHSA-2020:0231","https://access.redhat.com/errata/RHSA-2020:0232","https://access.redhat.com/errata/RHSA-2020:0465","https://access.redhat.com/errata/RHSA-2020:0467","https://access.redhat.com/errata/RHSA-2020:0468","https://access.redhat.com/errata/RHSA-2020:0469","https://access.redhat.com/errata/RHSA-2020:0470","https://access.redhat.com/errata/RHSA-2020:0541","https://access.redhat.com/errata/RHSA-2020:0632","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2020/02/msg00034.html","https://seclists.org/bugtraq/2020/Feb/22","https://seclists.org/bugtraq/2020/Jan/24","https://security.gentoo.org/glsa/202101-19","https://security.netapp.com/advisory/ntap-20200122-0003/","https://usn.ubuntu.com/4257-1/","https://www.debian.org/security/2020/dsa-4605","https://www.debian.org/security/2020/dsa-4621","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2020-01-15T17:15:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-3147","summary":"daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) 
/var/tmp/abrt.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.5,"epss":0.00535,"ranking_epss":0.67406,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2015-1083.html","http://www.openwall.com/lists/oss-security/2015/04/17/5","https://bugzilla.redhat.com/show_bug.cgi?id=1212953","https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091","https://github.com/abrt/abrt/pull/955"],"published_time":"2020-01-14T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-7844","summary":"BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.0055,"ranking_epss":0.67927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://linux.oracle.com/errata/ELSA-2014-1999.html","http://rhn.redhat.com/errata/RHSA-2014-1999.html","http://seclists.org/oss-sec/2014/q4/1066","http://www.debian.org/security/2014/dsa-3104","http://www.debian.org/security/2014/dsa-3105"],"published_time":"2020-01-14T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2020-6851","summary":"OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions 
validation.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01434,"ranking_epss":0.80641,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0262","https://access.redhat.com/errata/RHSA-2020:0274","https://access.redhat.com/errata/RHSA-2020:0296","https://github.com/uclouvain/openjpeg/issues/1228","https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACIIDDCKZJEPKTTFILSOSBQL7L3FC6V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XBRMI2D3XPVWKE3V52KRBW7BJVLS5LD3/","https://www.debian.org/security/2021/dsa-4882","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2020-01-13T06:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17016","summary":"When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.03465,"ranking_epss":0.87496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1599181","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17017","summary":"Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0263,"ranking_epss":0.85629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1603055","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17022","summary":"When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.04633,"ranking_epss":0.8925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1602843","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://acce
ss.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/show_bug.cgi?id=1602843","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17024","summary":"Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. 
This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03276,"ranking_epss":0.87135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/errata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html","http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html","https://access.redhat.com/errata/RHSA-2020:0085","https://access.redhat.com/errata/RHSA-2020:0086","https://access.redhat.com/er
rata/RHSA-2020:0111","https://access.redhat.com/errata/RHSA-2020:0120","https://access.redhat.com/errata/RHSA-2020:0123","https://access.redhat.com/errata/RHSA-2020:0127","https://access.redhat.com/errata/RHSA-2020:0292","https://access.redhat.com/errata/RHSA-2020:0295","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507180%2C1595470%2C1598605%2C1601826","https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html","https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html","https://seclists.org/bugtraq/2020/Jan/12","https://seclists.org/bugtraq/2020/Jan/18","https://seclists.org/bugtraq/2020/Jan/26","https://security.gentoo.org/glsa/202003-02","https://usn.ubuntu.com/4234-1/","https://usn.ubuntu.com/4241-1/","https://usn.ubuntu.com/4335-1/","https://www.debian.org/security/2020/dsa-4600","https://www.debian.org/security/2020/dsa-4603","https://www.mozilla.org/security/advisories/mfsa2020-01/","https://www.mozilla.org/security/advisories/mfsa2020-02/"],"published_time":"2020-01-08T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19925","summary":"zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP 
archive.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.07012,"ranking_epss":0.91437,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-24T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19923","summary":"flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. 
This can cause a NULL pointer dereference (or incorrect results).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.062,"ranking_epss":0.90825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-24T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19926","summary":"multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.06317,"ranking_epss":0.90931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089","https://security.netapp.com/advisory/ntap-20200114-0003/","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-23T01:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1311","summary":"The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. 
This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.04171,"ranking_epss":0.88661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2024/02/16/1","https://access.redhat.com/errata/RHSA-2020:0702","https://access.redhat.com/errata/RHSA-2020:0704","https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E","https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E","https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E","https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html","https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/","https://marc.info/?l=xerces-c-users&m=157653840106914&w=2","https://www.debian.org/security/2020/dsa-4814","https://www.oracle.com/security-alerts/cpujan2022.html","http://www.openwall.com/lists/oss-security/2024/02/16/1","https://access.redhat.com/errata/RHSA-2020:0702","https://access.redhat.com/errata/RHSA-2020:0704","https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E","https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E","https://lists.apache.org/thr
ead.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E","https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html","https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/","https://marc.info/?l=xerces-c-users&m=157653840106914&w=2","https://www.debian.org/security/2020/dsa-4814","https://www.oracle.com/security-alerts/cpujan2022.html"],"published_time":"2019-12-18T20:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8815","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.01032,"ranking_epss":0.77308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728","https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728"],"published_time":"2019-12-18T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8816","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.00518,"ranking_epss":0.6671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728","https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210724","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728"],"published_time":"2019-12-18T18:15:44","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8814","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.00739,"ranking_epss":0.72852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728","https://security.gentoo.org/glsa/202003-22","https://support.apple.com/HT210721","https://support.apple.com/HT210723","https://support.apple.com/HT210725","https://support.apple.com/HT210726","https://support.apple.com/HT210727","https://support.apple.com/HT210728"],"published_time":"2019-12-18T18:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8684","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.03291,"ranking_epss":0.8717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8688","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.03941,"ranking_epss":0.88306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8689","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.30057,"ranking_epss":0.96637,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8676","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.03291,"ranking_epss":0.8717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:33","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8669","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.03291,"ranking_epss":0.8717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8672","summary":"Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.41725,"ranking_epss":0.97403,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358","https://support.apple.com/HT210346","https://support.apple.com/HT210348","https://support.apple.com/HT210351","https://support.apple.com/HT210353","https://support.apple.com/HT210355","https://support.apple.com/HT210356","https://support.apple.com/HT210357","https://support.apple.com/HT210358"],"published_time":"2019-12-18T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8544","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.0155,"ranking_epss":0.81372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605"],"published_time":"2019-12-18T18:15:25","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8535","summary":"A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.02137,"ranking_epss":0.84149,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8536","summary":"A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.01464,"ranking_epss":0.80836,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605"],"published_time":"2019-12-18T18:15:24","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8506","summary":"A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. 
Processing maliciously crafted web content may lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.08064,"ranking_epss":0.92114,"kev":true,"propose_action":"A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.","ransomware_campaign":"Unknown","references":["https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://support.apple.com/HT209599","https://support.apple.com/HT209601","https://support.apple.com/HT209602","https://support.apple.com/HT209603","https://support.apple.com/HT209604","https://support.apple.com/HT209605","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8506"],"published_time":"2019-12-18T18:15:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-19880","summary":"exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are 
mishandled.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.06395,"ranking_epss":0.90986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html","https://access.redhat.com/errata/RHSA-2020:0514","https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54","https://security.netapp.com/advisory/ntap-20200114-0001/","https://usn.ubuntu.com/4298-1/","https://www.debian.org/security/2020/dsa-4638","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-12-18T06:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13753","summary":"Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.04173,"ranking_epss":0.88661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025471","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025471","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13754","summary":"Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass 
navigation restrictions via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00282,"ranking_epss":0.51516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/442579","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/442579","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13755","summary":"Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/696208","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/696208","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13756","summary":"Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/708595","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/708595","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13757","summary":"Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain 
name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/884693","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/884693","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13758","summary":"Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01003,"ranking_epss":0.76972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/979441","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/979441","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13759","summary":"Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.0234,"ranking_epss":0.84811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/901789","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/901789","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13761","summary":"Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain 
name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.0234,"ranking_epss":0.84811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1002687","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1002687","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13762","summary":"Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local 
code.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"epss":0.00032,"ranking_epss":0.09113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1004212","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1004212","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13763","summary":"Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.02019,"ranking_epss":0.83708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1011600","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1011600","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13764","summary":"Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.39522,"ranking_epss":0.97287,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1028863","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1028863","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13745","summary":"Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0241,"ranking_epss":0.85036,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/990867","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/990867","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13746","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/999932","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/999932","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13747","summary":"Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02356,"ranking_epss":0.84862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1018528","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1018528","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13748","summary":"Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00846,"ranking_epss":0.74785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/993706","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/993706","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13749","summary":"Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1010765","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1010765","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13750","summary":"Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00165,"ranking_epss":0.37682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025464","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13751","summary":"Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00999,"ranking_epss":0.76935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025465","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13752","summary":"Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.04173,"ranking_epss":0.88661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025470","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13729","summary":"Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03525,"ranking_epss":0.87613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025489","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13730","summary":"Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01911,"ranking_epss":0.83245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1028862","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13732","summary":"Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03525,"ranking_epss":0.87613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1023817","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13734","summary":"Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.05904,"ranking_epss":0.90567,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://access.redhat.com/errata/RHSA-2020:0227","https://access.redhat.com/errata/RHSA-2020:0229","https://access.redhat.com/errata/RHSA-2020:0273","https://access.redhat.com/errata/RHSA-2020:0451","https://access.redhat.com/errata/RHSA-2020:0463","https://access.redhat.com/errata/RHSA-2020:0476","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025466","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://usn.ubuntu.com/4298-1/","https://usn.ubuntu.com/4298-2/","https://www.debian.org/security/2020/dsa-4606","https://www.oracle.com/security-alerts/cpujan2022.html"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13735","summary":"Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.06077,"ranking_epss":0.90723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025468","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13736","summary":"Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02375,"ranking_epss":0.84917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1020899","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13737","summary":"Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02568,"ranking_epss":0.85483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1013882","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13738","summary":"Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00889,"ranking_epss":0.75461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1017441","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13739","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/824715","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13740","summary":"Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00973,"ranking_epss":0.76631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1005596","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13741","summary":"Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01702,"ranking_epss":0.82253,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1011950","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13742","summary":"Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0234,"ranking_epss":0.84811,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1017564","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13743","summary":"Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01851,"ranking_epss":0.82957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/754304","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13744","summary":"Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02568,"ranking_epss":0.85483,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/853670","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13725","summary":"Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.06982,"ranking_epss":0.91415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1025067","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13726","summary":"Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.074,"ranking_epss":0.91704,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1027152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13727","summary":"Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01281,"ranking_epss":0.79553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/944619","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-13728","summary":"Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03148,"ranking_epss":0.86856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html","https://access.redhat.com/errata/RHSA-2019:4238","https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html","https://crbug.com/1024758","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/","https://seclists.org/bugtraq/2020/Jan/27","https://security.gentoo.org/glsa/202003-08","https://www.debian.org/security/2020/dsa-4606"],"published_time":"2019-12-10T22:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-5544","summary":"OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. 
VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.92688,"ranking_epss":0.99749,"kev":true,"propose_action":"VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.","ransomware_campaign":"Known","references":["http://www.openwall.com/lists/oss-security/2019/12/10/2","http://www.openwall.com/lists/oss-security/2019/12/11/2","http://www.vmware.com/security/advisories/VMSA-2019-0022.html","https://access.redhat.com/errata/RHSA-2019:4240","https://access.redhat.com/errata/RHSA-2020:0199","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/","https://security.gentoo.org/glsa/202005-12","http://www.openwall.com/lists/oss-security/2019/12/10/2","http://www.openwall.com/lists/oss-security/2019/12/11/2","http://www.vmware.com/security/advisories/VMSA-2019-0022.html","https://access.redhat.com/errata/RHSA-2019:4240","https://access.redhat.com/errata/RHSA-2020:0199","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DA3LYAJ2NRKMOZLZOQNDJ5TNQRFMWGHF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZPXXJZLPLAQULBCJVI5NNWZ3PGWXGXWG/","https://security.gentoo.org/glsa/202005-12","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5544"],"published_time":"2019-12-06T16:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-2515","summary":"PackageKit 0.6.17 allows installation of unsigned RPM packages 
as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.3,"epss":0.00165,"ranking_epss":0.37587,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/security/cve/cve-2011-2515","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515","https://security-tracker.debian.org/tracker/CVE-2011-2515","https://www.securityfocus.com/bid/48557/info","https://access.redhat.com/security/cve/cve-2011-2515","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2515","https://security-tracker.debian.org/tracker/CVE-2011-2515","https://www.securityfocus.com/bid/48557/info"],"published_time":"2019-11-27T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10216","summary":"In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. 
An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.","cvss":7.3,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.3,"epss":0.00526,"ranking_epss":0.66986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216","https://security.gentoo.org/glsa/202004-03","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216","https://security.gentoo.org/glsa/202004-03"],"published_time":"2019-11-27T13:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13723","summary":"Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01205,"ranking_epss":0.7892,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html","https://access.redhat.com/errata/RHSA-2019:3955","https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html","https://crbug.com/1024121","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/","https://security.gentoo.org/glsa/202003-08","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00035.html","https://access.redhat.com/errata/RHSA-2019:3955","https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html","https://crbug.com/1024121","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/54XWRJ5LDFL27QXBPIBX3EHO4TPMKN4R/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USW7PGIHNPE6W3LGY6ZDFLELQGSL52CH/","https://security.gentoo.org/glsa/202003-08"],"published_time":"2019-11-25T15:15:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2012-6136","summary":"tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary 
processes.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00026,"ranking_epss":0.07174,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136","https://security-tracker.debian.org/tracker/CVE-2012-6136","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6136","https://security-tracker.debian.org/tracker/CVE-2012-6136"],"published_time":"2019-11-20T15:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12207","summary":"Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.5,"epss":0.00262,"ranking_epss":0.49519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K17269881?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html","https://www.oracle.com/security-alerts/cpujul2020.html","http://lists.
opensuse.org/opensuse-security-announce/2019-12/msg00042.html","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K17269881?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2019-11-14T20:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11135","summary":"TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local 
access.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"epss":0.00319,"ranking_epss":0.54918,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/10/3","http://www.openwall.com/lists/oss-security/2019/12/10/4","http://www.openwall.com/lists/oss-security/2019/12/11/1","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0279","https://access.redhat.com/errata/RHSA-2020:0366","https://access.redhat.com/errata/RHSA-2020:0555","https://access.redhat.com/errata/RHSA-2020:0666","https://access.redhat.com/errata/RHSA-2020:0730","https://kc.mcafee.com/corporate/index?page=content&id=SB10306","https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2019/Dec/28","https://seclists.org/bugtraq/2019/Nov/26","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.int
el.com/content/www/us/en/security-center/advisory/intel-sa-00270.html","https://www.oracle.com/security-alerts/cpujan2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html","http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/12/10/3","http://www.openwall.com/lists/oss-security/2019/12/10/4","http://www.openwall.com/lists/oss-security/2019/12/11/1","https://access.redhat.com/errata/RHSA-2019:3936","https://access.redhat.com/errata/RHSA-2020:0026","https://access.redhat.com/errata/RHSA-2020:0028","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0279","https://access.redhat.com/errata/RHSA-2020:0366","https://access.redhat.com/errata/RHSA-2020:0555","https://access.redhat.com/errata/RHSA-2020:0666","https://access.redhat.com/errata/RHSA-2020:0730","https://kc.mcafee.com/corporate/index?page=content&id=SB10306","https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/","https://seclists.org/bugtraq/2019/Dec/28","https://seclists.org/bugtraq/2019/Nov/26","https://seclists.org/bugtraq/2020/Jan/21","https://security.gentoo.org/glsa/202003-56","https://support.f5.com/csp/article/K02912734?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us","https://usn.ubuntu.com/4186-2/","https://www.debian.org/security/2020/dsa-4602","https://www.intel.com/content/www/us/en/security-center/advisory/in
tel-sa-00270.html","https://www.oracle.com/security-alerts/cpujan2021.html"],"published_time":"2019-11-14T19:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6470","summary":"There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. 
Operators are advised to consult their vendor documentation.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":6.5,"epss":0.00265,"ranking_epss":0.49981,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2060","https://access.redhat.com/errata/RHSA-2019:3525","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122","https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html","https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html","https://access.redhat.com/errata/RHSA-2019:2060","https://access.redhat.com/errata/RHSA-2019:3525","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122","https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html","https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"],"published_time":"2019-11-01T23:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0205","summary":"In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. 
Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"epss":0.00698,"ranking_epss":0.71926,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6e403a47c38e22431ab20066a1ac79%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3%40%3Cuser.thrift.apache.org%3E","https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8%40%3Cuser.thrift.apache.org%3E","https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r0
d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08%40%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a%40%3Ccommits.thrift.apache.org%3E","https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d%
40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337%40%3Cnotifications.thrift.apache.org%3E","https://lists.apache.org/thread.html/re387dc6ca11cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce%40%3Cdev.thrift.apache.org%3E","https://security.gentoo.org/glsa/202107-32","https://www.oracle.com//security-alerts/cpujul2021.html","http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/07bd68ad237a5d513751d6d2731a8828f902c738ea57d85c1a72bad3%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/0d058e1bfd11727c4f2e2adf4b6
e403a47c38e22431ab20066a1ac79%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3%40%3Cuser.thrift.apache.org%3E","https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8%40%3Cuser.thrift.apache.org%3E","https://lists.apache.org/thread.html/3dfa054b89274c9109c26ed1843ca15a14c03786f4016d26773878ae%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/928cae83d20d8d8196c26118f7084aa37573e1d31162381fb9454fb5%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/9f7150d0b02e72d1154721a412e80cf797f1b7cfa295fcefc67b1381%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/a9669756befaeb0f8e08766d3f4d410a0fce85da3a570506f71f0b67%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r0c606d4be9aa163d132edf8edd8eb55e7b9464063b99acbbf6e9e287%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r1b1a92c229ead94d53b3bcde9e624d002b54f1c6fdb830b9f4da20e1%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r3887b48b183b6fa43e59398bd170a99239c0a16264cb5175b5b689d0%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4%40%3Cdev.thrift.apache.org%3E","https://lists.
apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08%40%3Cdev.hive.apache.org%3E","https://lists.apache.org/thread.html/r53c03e1c979b9c628d0d65e0f49dd9a9f9d7572838727ad11b750575%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r569b2b3da41ff45bfacfca6787a4a8728edd556e185b69b140181d9d%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/r573029c2f8632e3174b9eea7cd57f9c9df33f2f706450e23fc57750a%40%3Ccommits.thrift.apache.org%3E","https://lists.apache.org/thread.html/r67a704213d13326771f46c84bbd84c8281bb93946e155e0e40abcb4c%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d%40%3Cissues.hive.apache.org%3E","https://lists.apache.org/thread.html/r7859e767c90c8f4971dec50f801372aa64e88f143c3e8a265a36f9b4%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r92b7771afee2625209c36727fefdc77033964e9a1daa81ec3327e625%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r934f312dd5add7276ac2de684d8b237554ff9f34479a812df5fd6aee%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rb139fa1d2714822d8c6e6f3bd6f5d5c91844d313201185c409288fd9%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rba61c1f3a3b1960a6a694775b1a437751eba0825f30188f69387fe90%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/rce0d368a78b42c545f26c2e6e91e2b8a91b27b60d0cb45fe1911d337%40%3Cnotifications.thrift.apache.org%3E","https://lists.apache.org/thread.html/re387dc6ca1
1cb0b0ce4de8e800bb91ca50fee054b80105f5cd34adcb%40%3Cdev.thrift.apache.org%3E","https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce%40%3Cdev.thrift.apache.org%3E","https://security.gentoo.org/glsa/202107-32","https://www.oracle.com//security-alerts/cpujul2021.html"],"published_time":"2019-10-29T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0210","summary":"In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00365,"ranking_epss":0.58501,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E","https://security.gentoo.org/glsa/202107-32","https://www.oracle.com//security-alerts/cpujul2021.html","http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:
0811","https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142%40%3Ccommits.pulsar.apache.org%3E","https://security.gentoo.org/glsa/202107-32","https://www.oracle.com//security-alerts/cpujul2021.html"],"published_time":"2019-10-29T19:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11043","summary":"In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.","cvss":8.7,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":8.7,"epss":0.94062,"ranking_epss":0.99902,"kev":true,"propose_action":"In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code 
execution.","ransomware_campaign":"Known","references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html","http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html","http://seclists.org/fulldisclosure/2020/Jan/40","https://access.redhat.com/errata/RHSA-2019:3286","https://access.redhat.com/errata/RHSA-2019:3287","https://access.redhat.com/errata/RHSA-2019:3299","https://access.redhat.com/errata/RHSA-2019:3300","https://access.redhat.com/errata/RHSA-2019:3724","https://access.redhat.com/errata/RHSA-2019:3735","https://access.redhat.com/errata/RHSA-2019:3736","https://access.redhat.com/errata/RHSA-2020:0322","https://bugs.php.net/bug.php?id=78599","https://github.com/neex/phuip-fpizdam","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/","https://seclists.org/bugtraq/2020/Jan/44","https://security.netapp.com/advisory/ntap-20191031-0003/","https://support.apple.com/kb/HT210919","https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4166-1/","https://usn.ubuntu.com/4166-2/","https://www.debian.org/security/2019/dsa-4552","https://www.debian.org/security/2019/dsa-4553","https://www.synology.com/security/advisory/Synology_SA_19_36","https://www.tenable.com/security/tns-2021-14","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11043"],"published_time":"2019-10-28T15:15:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-17596","summary":"Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. 
There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0234,"ranking_epss":0.84809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00043.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00044.html","https://access.redhat.com/errata/RHSA-2020:0101","https://access.redhat.com/errata/RHSA-2020:0329","https://github.com/golang/go/issues/34960","https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ","https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html","https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VS3HPSE25ZSGS4RSOTADC67YNOHIGVV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WVOWGM7IQGRO7DS2MCUMYZRQ4TYOZNAS/","https://security.netapp.com/advisory/ntap-20191122-0005/","https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46","https://www.debian.org/security/2019/dsa-4551"],"published_time":"2019-10-24T22:15:10","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-14287","summary":"In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":8.8,"epss":0.85814,"ranking_epss":0.99379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html","http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html","http://www.openwall.com/lists/oss-security/2019/10/14/1","http://www.openwall.com/lists/oss-security/2019/10/24/1","http://www.openwall.com/lists/oss-security/2019/10/29/3","http://www.openwall.com/lists/oss-security/2021/09/14/2","https://access.redhat.com/errata/RHBA-2019:3248","https://access.redhat.com/errata/RHSA-2019:3197","https://access.redhat.com/errata/RHSA-2019:3204","https://access.redhat.com/errata/RHSA-2019:3205","https://access.redhat.com/errata/RHSA-2019:3209","https://access.redhat.com/errata/RHSA-2019:3219","https://access.redhat.com/errata/RHSA-2019:3278","https://access.redhat.com/errata/RHSA-2019:3694","https://access.redhat.com/errata/RHSA-2019:3754","https://access.redhat.com/errata/RHSA-2019:3755","https://access.redhat.com/errata/RHSA-2019:3895","https://access.redhat.com/errata/RHSA-2019:3916","https://access.redhat.com/errata/RHSA-2019:3941","https://access.redhat.com/errata/RHSA-2019:4191","https://access.redhat.com/errata/RHSA-2020:0388","https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/","https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287","https://seclists.org/bugtraq/2019/Oct/20","https://seclists.org/bugtraq/2019/Oct/21","https://security.gentoo.org/glsa/202003-12","https://security.netapp.com/advisory/ntap-20191017-0003/","https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us","https://usn.ubuntu.com/4154-1/","https://www.debian.org/security/2019/dsa-4543","https://www.openwall.com/lists/oss-security/2019/10/15/2","https://www.sudo.ws/alerts/minus_1_uid.html"],"published_time":"2019-10-17T18:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-17631","summary":"From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege 
checks.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.00497,"ranking_epss":0.65803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://bugs.eclipse.org/bugs/show_bug.cgi?id=552129"],"published_time":"2019-10-17T18:15:12","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2989","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"epss":0.02323,"ranking_epss":0.84753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2992","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00898,"ranking_epss":0.75599,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2996","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).","cvss":4.2,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.2,"epss":0.02225,"ranking_epss":0.84463,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://security.netapp.com/advisory/ntap-20191017-0001/"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2999","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.7,"epss":0.01308,"ranking_epss":0.79753,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:33","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2975","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"epss":0.00488,"ranking_epss":0.65433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2978","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00476,"ranking_epss":0.64843,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2019-2981","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00333,"ranking_epss":0.56138,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https
://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2983","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00344,"ranking_epss":0.57026,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https
://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2987","summary":"Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00711,"ranking_epss":0.72215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://ww
w.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2988","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00514,"ranking_epss":0.66527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https
://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2962","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00476,"ranking_epss":0.64829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https
://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2964","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00476,"ranking_epss":0.64829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https
://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2973","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00576,"ranking_epss":0.6873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https:
//access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2949","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"epss":0.00551,"ranking_epss":0.67939,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://support.f5.com/csp/article/K54213762?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://kc.mcafee.com/corporate/index?page=content&id=SB10315","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://support.f5.com/csp/article/K54213762?utm_source=f5support&amp%3But
m_medium=RSS","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:30","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2945","summary":"Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"epss":0.00296,"ranking_epss":0.5282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://access.redhat.com/errata/RHSA-2019:3134","https://access.redhat.com/errata/RHSA-2019:3135","https://access.redhat.com/errata/RHSA-2019:3136","https://access.redhat.com/errata/RHSA-2019:3157","https://access.redhat.com/errata/RHSA-2019:3158","https://access.redhat.com/errata/RHSA-2019:4109","https://access.redhat.com/errata/RHSA-2019:4110","https://access.redhat.com/errata/RHSA-2019:4113","https://access.redhat.com/errata/RHSA-2019:4115","https://access.redhat.com/errata/RHSA-2020:0006","https://access.redhat.com/errata/RHSA-2020:0046","https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html","https://seclists.org/bugtraq/2019/Oct/27","https://seclists.org/bugtraq/2019/Oct/31","https://security.netapp.com/advisory/ntap-20191017-0001/","https://usn.ubuntu.com/4223-1/","https://www.debian.org/security/2019/dsa-4546","https://www.debian.org/security/2019/dsa-4548"],"published_time":"2019-10-16T18:15:29","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14823","summary":"A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the 
Middle.","cvss":6.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.8,"epss":0.00287,"ranking_epss":0.5211,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:3067","https://access.redhat.com/errata/RHSA-2019:3225","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14823","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEN4DQBE6WOGEP5BQ5X62WZM7ZQEEBG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZZWZLNALV6AOIBIHB3ZMNA5AGZMZAIY/"],"published_time":"2019-10-14T20:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17531","summary":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.","cvss":9.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.8,"epss":0.0119,"ranking_epss":0.78796,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:4192","https://access.redhat.com/errata/RHSA-2020:0159","https://access.redhat.com/errata/RHSA-2020:0160","https://access.redhat.com/errata/RHSA-2020:0161","https://access.redhat.com/errata/RHSA-2020:0164","https://access.redhat.com/errata/RHSA-2020:0445","https://github.com/FasterXML/jackson-databind/issues/2498","https://lists.apache.org/thread.html/b3c90d38f99db546de60fea65f99a924d540fae2285f014b79606ca5%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html","https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","https://security.netapp.com/advisory/ntap-20191024-0005/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2019-10-12T21:15:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14846","summary":"In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. 
This flaw does not affect Ansible modules, as those are executed in a separate process.","cvss":7.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":7.3,"epss":0.00153,"ranking_epss":0.361,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html","https://access.redhat.com/errata/RHSA-2019:3201","https://access.redhat.com/errata/RHSA-2019:3202","https://access.redhat.com/errata/RHSA-2019:3203","https://access.redhat.com/errata/RHSA-2019:3207","https://access.redhat.com/errata/RHSA-2020:0756","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846","https://github.com/ansible/ansible/pull/63366","https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html","https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html","https://www.debian.org/security/2021/dsa-4950"],"published_time":"2019-10-08T19:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-16943","summary":"A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. 
When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.","cvss":9.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.8,"epss":0.01841,"ranking_epss":0.82912,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2020:0159","https://access.redhat.com/errata/RHSA-2020:0160","https://access.redhat.com/errata/RHSA-2020:0161","https://access.redhat.com/errata/RHSA-2020:0164","https://access.redhat.com/errata/RHSA-2020:0445","https://github.com/FasterXML/jackson-databind/issues/2478","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd%40%3Ccommits.iceberg.apache.org%3E","https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/10/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q7CANA7KV53JROZDX5Z5P26UG5VN2K43/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TH5VFUN4P7CCIP7KSEXYA5MUTFCUDUJT/","https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062","https://seclists.org/bugtraq/2019/Oct/6","https://security.netapp.com/advisory/ntap-20191017-0006/","https://www.debian.org/security/2019/dsa-4542","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2019-10-01T17:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-17055","summary":"base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka 
CID-b91ee4aa2a21.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"epss":0.00088,"ranking_epss":0.25275,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00039.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","https://access.redhat.com/errata/RHSA-2020:0790","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0edc3f703f7bcaf550774b5d43ab727bcd0fe06b","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b91ee4aa2a2199ba4d4650706c272985a5a32d80","https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6JNEWGIK7QA24OIUUL67QZNJN52NB7T/","https://seclists.org/bugtraq/2019/Nov/11","https://usn.ubuntu.com/4184-1/","https://usn.ubuntu.com/4185-1/","https://usn.ubuntu.com/4185-2/","https://usn.ubuntu.com/4186-1/","https://usn.ubuntu.com/4186-2/"],"published_time":"2019-10-01T14:15:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14816","summary":"There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":5.5,"epss":0.00085,"ranking_epss":0.24719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/08/28/1","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0204","https://access.redhat.com/errata/RHSA-2020:0328","https://access.redhat.com/errata/RHSA-2020:0339","https://access.redhat.com/errata/RHSA-2020:0374","https://access.redhat.com/errata/RHSA-2020:0375","https://access.redhat.com/errata/RHSA-2020:0653","https://access.redhat.com/errata/RHSA-2020:0661","https://access.redhat.com/errata/RHSA-2020:0664","https://access.redhat.com/security/cve/cve-2019-14816","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14816","https://github.com/torvalds/linux/commit/7caac62ed598a196d6ddf8d9c121e12e082cac3","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RUDQJXRJQVGHCGR4YZWTQ3ECBI7TXH/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4JZ6AEUKFWBHQAROGMQARJ274PQP2QP/","https://seclists.org/bugtraq/2019/Nov/11","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.openwall.com/lists/oss-security/2019/08/28/1"],"published_time":"2019-09-20T19:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14821","summary":"An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the 
system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.5,"epss":0.0008,"ranking_epss":0.23818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.openwall.com/lists/oss-security/2019/09/20/1","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2019:3978","https://access.redhat.com/errata/RHSA-2019:3979","https://access.redhat.com/errata/RHSA-2019:4154","https://access.redhat.com/errata/RHSA-2019:4256","https://access.redhat.com/errata/RHSA-2020:0027","https://access.redhat.com/errata/RHSA-2020:0204","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191004-0001/","https://usn.ubuntu.com/4157-1/","https://usn.ubuntu.com/4157-2/","https://usn.ubuntu.com/4162-1/","https://usn.ubuntu.com/4162-2/","https://usn.ubuntu.com/4163-1/","https://usn.ubuntu.com/4163-2/","https://www.debian.org/security/2019/dsa-4531","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2019-09-19T18:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14835","summary":"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. 
A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.","cvss":7.2,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.2,"epss":0.00071,"ranking_epss":0.21852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html","http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en","http://www.openwall.com/lists/oss-security/2019/09/24/1","http://www.openwall.com/lists/oss-security/2019/10/03/1","http://www.openwall.com/lists/oss-security/2019/10/09/3","http://www.openwall.com/lists/oss-security/2019/10/09/7","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2827","https://access.redhat.com/errata/RHSA-2019:2828","https://access.redhat.com/errata/RHSA-2019:2829","https://access.redhat.com/errata/RHSA-2019:2830","https://access.redhat.com/errata/RHSA-2019:2854","https://access.redhat.com/errata/RHSA-2019:2862","https://access.redhat.com/errata/RHSA-2019:2863","https://access.redhat.com/errata/RHSA-2019:2864","https://access.redhat.com/errata/RHSA-2019:2865","https://access.redhat.com/errata/RHSA-2019:2866","https://access.redhat.com/errata/RHSA-2019:2867","https://access.redhat.com/errata/RHSA-2019:2869","https://access.redhat.com/errata/RHSA-2019:2889","https://access.redhat.com/errata/RHSA-2019:2899","https://access.redhat.com/errata/RHSA-2019:2900","https://access.redhat.com/errata/RHSA-2019:2901","https://access.redhat.com/errata/RHSA-2019:2924","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/","https://seclists.org/bugtraq/2019/Nov/11","https://seclists.org/bugtraq/2019/Sep/41","https://security.netapp.com/advisory/ntap-20191031-0005/","https://usn.ubuntu.com/4135-1/","https://usn.ubuntu.com/4135-2/","https://www.debian.org/security/2019/dsa-4531","https://www.openwall.com/lists/oss-security/2019/09/17/1"],"published_time":"2019-09-17T16:15:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14813","summary":"A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. 
A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.08454,"ranking_epss":0.92325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2594","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813","https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/","https://seclists.org/bugtraq/2019/Sep/15","https://security.gentoo.org/glsa/202004-03","https://www.debian.org/security/2019/dsa-4518"],"published_time":"2019-09-06T14:15:15","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1125","summary":"An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.\nOn January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.\nMicrosoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. 
Note that this vulnerability does not require a microcode update from your device OEM.","cvss":5.6,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.6,"epss":0.17211,"ranking_epss":0.94997,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHBA-2019:3248","https://access.redhat.com/errata/RHSA-2019:2600","https://access.redhat.com/errata/RHSA-2019:2609","https://access.redhat.com/errata/RHSA-2019:2695","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:2899","https://access.redhat.com/errata/RHSA-2019:2900","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3011","https://access.redhat.com/errata/RHSA-2019:3220","https://kc.mcafee.com/corporate/index?page=content&id=SB10297","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125","https://www.synology.com/security/advisory/Synology_SA_19_32","http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHBA-2019:3248","https://access.redhat.com/errata/RHSA-2019:2600","https://access.redhat.com/errata/RHSA-2019:2609","https://access.redhat.com/errata/RHSA-2019:2695","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:2899","https://access.redhat.com/errata/RHSA-2019:2900","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3011","https://access.redhat.com/errata/RHSA-2019:322
0","https://kc.mcafee.com/corporate/index?page=content&id=SB10297","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125","https://www.synology.com/security/advisory/Synology_SA_19_32"],"published_time":"2019-09-03T18:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10086","summary":"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.01239,"ranking_epss":0.79203,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html","http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e","https://access.redhat.com/errata/RHSA-2019:4317","https://access.redhat.com/errata/RHSA-2020:0057","https://access.redhat.com/errata/RHSA-2020:0194","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","ht
tps://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E","https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E","https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866
067566fe%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E","https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E","https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E","https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.co
m/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan2022.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html","http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e","https://access.redhat.com/errata/RHSA-2019:4317","https://access.redhat.com/errata/RHSA-2020:0057","https://access.redhat.com/errata/RHSA-2020:0194","https://access.redhat.com/errata/RHSA-2020:0804","https://access.redhat.com/errata/RHSA-2020:0805","https://access.redhat.com/errata/RHSA-2020:0806","https://access.redhat.com/errata/RHSA-2020:0811","https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E","https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E","https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb
90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E","https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E","https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E","https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E","https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E","https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E","https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E","htt
ps://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E","https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E","https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E","https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E","https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/","https://www.oracle.com//security-alerts/cpujul2021.html","https://www.oracle.com/security-alerts/cpuApr2021.html","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujan202
2.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","https://www.oracle.com/security-alerts/cpuoct2021.html"],"published_time":"2019-08-20T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9506","summary":"The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.","cvss":7.6,"cvss_version":3.0,"cvss_v2":4.8,"cvss_v3":7.6,"epss":0.04576,"ranking_epss":0.89181,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","https://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-ann
ounce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","https://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html","http://seclists.org/fulldisclosure/2019/Aug/11","http://seclists.org/fulldisclosure/2019/Aug/13","http://seclists.org/fulldisclosure/2019/Aug/14","http://seclists.org/fulldisclosure/2019/Aug/15","http://www.cs.ox.ac.uk/publications/publication12404-abstract.html","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en","https://access.redhat.com/errata/RHSA-2019:2975","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3165","https://access.redhat.com/errata/RHSA-2019:3187","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3218","https://access.redhat.com/errata/RHSA-2019:3220","https://access.redhat.com/errata/RHSA-2019:3231","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0204","https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html","https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html","https://usn.ubuntu.com/4115-1/","https://usn.ubuntu.com/4118-1/","https://usn.ubuntu.com/4147-1/","https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/","htt
ps://www.kb.cert.org/vuls/id/918987/","https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"],"published_time":"2019-08-14T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9514","summary":"Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"epss":0.09483,"ranking_epss":0.92809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","http://seclists.org/fulldisclosure/2019/Aug/16","http://www.openwall.com/lists/oss-security/2019/08/20/1","http://www.openwall.com/lists/oss-security/2023/10/18/8","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:2661","https://access.redhat.com/errata/RHSA-2019:2682","https://access.redhat.com/errata/RHSA-2019:2690","https://access.redhat.com/errata/RHSA-2019:2726","https://access.redhat.com/errata/RHSA-2019:2766","https://access.redhat.com/errata/RHSA-2019:2769","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/erra
ta/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3131","https://access.redhat.com/errata/RHSA-2019:3245","https://access.redhat.com/errata/RHSA-2019:3265","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3906","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4269","https://access.redhat.com/errata/RHSA-2019:4273","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0406","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/l
ist/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/31","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0001/","https://security.netapp.com/advisory/ntap-20190823-0004/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K01988340","https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4503","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.debian.org/security/2020/dsa-4669","https://www.synology.com/security/advisory/Synology_SA_19_33","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html","http://seclists.org/fulldisclosure/2019/Aug/16","http://www.openwall.com/lists/oss-security/2019/08/20/1","http://www.openwall.com/lists/oss-security/2023/10/18/8","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:2661","https://access.redhat.com/errata/RHSA-2019:2682","https://access.redhat.com/errata/RHSA-2019:2690","https://access.redhat.com/errata/RHSA-2019:2726","https://access.redhat.com/errata/RHSA-2019:2766",
"https://access.redhat.com/errata/RHSA-2019:2769","https://access.redhat.com/errata/RHSA-2019:2796","https://access.redhat.com/errata/RHSA-2019:2861","https://access.redhat.com/errata/RHSA-2019:2925","https://access.redhat.com/errata/RHSA-2019:2939","https://access.redhat.com/errata/RHSA-2019:2955","https://access.redhat.com/errata/RHSA-2019:2966","https://access.redhat.com/errata/RHSA-2019:3131","https://access.redhat.com/errata/RHSA-2019:3245","https://access.redhat.com/errata/RHSA-2019:3265","https://access.redhat.com/errata/RHSA-2019:3892","https://access.redhat.com/errata/RHSA-2019:3906","https://access.redhat.com/errata/RHSA-2019:4018","https://access.redhat.com/errata/RHSA-2019:4019","https://access.redhat.com/errata/RHSA-2019:4020","https://access.redhat.com/errata/RHSA-2019:4021","https://access.redhat.com/errata/RHSA-2019:4040","https://access.redhat.com/errata/RHSA-2019:4041","https://access.redhat.com/errata/RHSA-2019:4042","https://access.redhat.com/errata/RHSA-2019:4045","https://access.redhat.com/errata/RHSA-2019:4269","https://access.redhat.com/errata/RHSA-2019:4273","https://access.redhat.com/errata/RHSA-2019:4352","https://access.redhat.com/errata/RHSA-2020:0406","https://access.redhat.com/errata/RHSA-2020:0727","https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md","https://kb.cert.org/vuls/id/605641/","https://kc.mcafee.com/corporate/index?page=content&id=SB10296","https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19%40%3Cannounce.trafficserver.apache.org%3E","https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7%40%3Cdev.trafficserver.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora
project.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ/","https://seclists.org/bugtraq/2019/Aug/24","https://seclists.org/bugtraq/2019/Aug/31","https://seclists.org/bugtraq/2019/Aug/43","https://seclists.org/bugtraq/2019/Sep/18","https://security.netapp.com/advisory/ntap-20190823-0001/","https://security.netapp.com/advisory/ntap-20190823-0004/","https://security.netapp.com/advisory/ntap-20190823-0005/","https://support.f5.com/csp/article/K01988340","https://support.f5.com/csp/article/K01988340?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4308-1/","https://www.debian.org/security/2019/dsa-4503","https://www.debian.org/security/2019/dsa-4508","https://www.debian.org/security/2019/dsa-4520","https://www.debian.org/security/2020/dsa-4669","https://www.synology.com/security/advisory/Synology_SA_19_33"],"published_time":"2019-08-13T21:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-14744","summary":"In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. 
This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.8,"epss":0.01309,"ranking_epss":0.79756,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html","http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html","https://access.redhat.com/errata/RHSA-2019:2606","https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt","https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/","https://seclists.org/bugtraq/2019/Aug/12","https://seclists.org/bugtraq/2019/Aug/9","https://security.gentoo.org/glsa/201908-07","https://usn.ubuntu.com/4100-1/","https://www.debian.org/security/2019/dsa-4494","https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html","http://lists.opensuse.o
rg/opensuse-security-announce/2019-08/msg00016.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html","http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html","https://access.redhat.com/errata/RHSA-2019:2606","https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt","https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/","https://seclists.org/bugtraq/2019/Aug/12","https://seclists.org/bugtraq/2019/Aug/9","https://security.gentoo.org/glsa/201908-07","https://usn.ubuntu.com/4100-1/","https://www.debian.org/security/2019/dsa-4494","https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/"],"published_time":"2019-08-07T15:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10166","summary":"It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. 
If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00142,"ranking_epss":0.34494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166","https://security.gentoo.org/glsa/202003-18","https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10166","https://security.gentoo.org/glsa/202003-18"],"published_time":"2019-08-02T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10167","summary":"The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. 
Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.00169,"ranking_epss":0.38163,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167","https://security.gentoo.org/glsa/202003-18","https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10167","https://security.gentoo.org/glsa/202003-18"],"published_time":"2019-08-02T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10168","summary":"The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.0023,"ranking_epss":0.4574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168","https://security.gentoo.org/glsa/202003-18","https://access.redhat.com/libvirt-privesc-vulnerabilities","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10168","https://security.gentoo.org/glsa/202003-18"],"published_time":"2019-08-02T13:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10182","summary":"It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. 
An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.","cvss":8.2,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.2,"epss":0.01438,"ranking_epss":0.80666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html","http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182","https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327","https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344","https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html","https://seclists.org/bugtraq/2019/Oct/5","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html","http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182","https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327","https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344","https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html","https://seclists.org/bugtraq/2019/Oct/5"],"published_time":"2019-07-31T22:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10153","summary":"A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. 
In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.","cvss":5.0,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":5.0,"epss":0.00352,"ranking_epss":0.57625,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2037","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153","https://github.com/ClusterLabs/fence-agents/pull/255","https://github.com/ClusterLabs/fence-agents/pull/272","https://access.redhat.com/errata/RHSA-2019:2037","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153","https://github.com/ClusterLabs/fence-agents/pull/255","https://github.com/ClusterLabs/fence-agents/pull/272"],"published_time":"2019-07-30T23:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16871","summary":"A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. 
Any outstanding disk writes to the NFS server will be lost.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01525,"ranking_epss":0.81236,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871","https://security.netapp.com/advisory/ntap-20211004-0002/","https://support.f5.com/csp/article/K18657134","https://support.f5.com/csp/article/K18657134?utm_source=f5support&amp%3Butm_medium=RSS","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16871","https://security.netapp.com/advisory/ntap-20211004-0002/","https://support.f5.com/csp/article/K18657134","https://support.f5.com/csp/article/K18657134?utm_source=f5support&amp%3Butm_medium=RSS"],"published_time":"2019-07-30T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11775","summary":"All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. 
This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"epss":0.01505,"ranking_epss":0.81122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://bugs.eclipse.org/bugs/show_bug.cgi?id=549601"],"published_time":"2019-07-30T14:15:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2816","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"epss":0.00222,"ranking_epss":0.44833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.r
edhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/"],"published_time":"2019-07-23T23:15:43","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2805","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00484,"ranking_epss":0.65231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://seclists.org/bugtraq/2019/Aug/1","https://support.f5.com/csp/article/K04831884","https://support.f5.com/csp/article/K04831884?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4070-1/","https://usn.ubuntu.com/4070-2/","https://usn.ubuntu.com/4070-3/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://seclists.org/bugtraq/2019/Aug/1","https://support.f5.com/csp/article/K04831884","https://support.f5.com/csp/article/K04831884?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4070-1/","https://usn.ubuntu.com/4070-2/","https://usn.ubuntu.com/4070-3/"],"published_time":"2019-07-23T23:15:42","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2786","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).","cvss":3.4,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.4,"epss":0.00452,"ranking_epss":0.63728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cp
ujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/"],"published_time":"2019-07-23T23:15:41","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2769","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00552,"ranking_epss":0.67981,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/"],"published_time":"2019-07-23T23:15:40","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2762",
"summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00651,"ranking_epss":0.70825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2494","https://access.redhat.com/errata/RHSA-2019:2495","https://access.redhat.com/errata/RHSA-2019:2585","https://access.redhat.com/errata/RHSA-2019:2590","https://access.redhat.com/errata/RHSA-2019:2592","https://access.redhat.com/errata/RHSA-2019:2737","https://kc.mcafee.com/corporate/index?page=content&id=SB10300","https://lists.debian.org/debian-lts-announce/2019/08/msg00020.html","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","https://usn.ubuntu.com/4080-1/","https://usn.ubuntu.com/4083-1/"],"published_time":"2019-07-23T23:15:39","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2740","summary":"Vu
lnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00409,"ranking_epss":0.61218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/","https://seclists.org/bugtraq/2019/Aug/1","https://support.f5.com/csp/article/K03444640","https://support.f5.com/csp/article/K03444640?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4070-1/","https://usn.ubuntu.com/4070-2/","https://usn.ubuntu.com/4070-3/","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html","http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html","http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://access.redhat.com/errata/RHSA-2019:2484","
https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/","https://seclists.org/bugtraq/2019/Aug/1","https://support.f5.com/csp/article/K03444640","https://support.f5.com/csp/article/K03444640?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/4070-1/","https://usn.ubuntu.com/4070-2/","https://usn.ubuntu.com/4070-3/"],"published_time":"2019-07-23T23:15:38","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1010238","summary":"Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. 
The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.04532,"ranking_epss":0.89133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2571","https://access.redhat.com/errata/RHSA-2019:2582","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:3234","https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c","https://gitlab.gnome.org/GNOME/pango/-/issues/342","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/","https://seclists.org/bugtraq/2019/Aug/14","https://security.gentoo.org/glsa/201909-03","https://usn.ubuntu.com/4081-1/","https://www.debian.org/security/2019/dsa-4496","https://www.oracle.com/security-alerts/cpuapr2020.html","https://access.redhat.com/errata/RHBA-2019:2824","https://access.redhat.com/errata/RHSA-2019:2571","https://access.redhat.com/errata/RHSA-2019:2582","https://access.redhat.com/errata/RHSA-2019:2594","https://access.redhat.com/errata/RHSA-2019:3234","https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c","https://gitlab.gnome.org/GNOME/pango/-/issues/342","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/","https://seclists.org/bugtraq/2019/Aug/14","https://security.gentoo.org/glsa/201909-03","https://usn.ubuntu.com/4081-1/","https://www.debian.org/security/2019/dsa-4496","https://www.oracle.com/se
curity-alerts/cpuapr2020.html"],"published_time":"2019-07-19T17:15:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-13616","summary":"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"epss":0.06855,"ranking_epss":0.91324,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html","https://access.redhat.com/errata/RHSA-2019:3950","https://access.redhat.com/errata/RHSA-2019:3951","https://access.redhat.com/errata/RHSA-2020:0293","https://bugzilla.libsdl.org/show_bug.cgi?id=4538","https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject
.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/","https://security.gentoo.org/glsa/202305-17","https://usn.ubuntu.com/4156-1/","https://usn.ubuntu.com/4156-2/","https://usn.ubuntu.com/4238-1/","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00093.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00094.html","https://access.redhat.com/errata/RHSA-2019:3950","https://access.redhat.com/errata/RHSA-2019:3951","https://access.redhat.com/errata/RHSA-2020:0293","https://bugzilla.libsdl.org/show_bug.cgi?id=4538","https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html","https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6FDFPYUJ7YPY3XB5U75VJHBSVRVIKO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HEH5RO7XZA5DDCO2XOP4QHDEELQQTYV2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UITVW4WTOOCECLLWPQCV7VWMU66DN255/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VDNX3RVXTWELBXQDNERNVVKDGKDF2MPB/","https://security.gentoo.org/glsa/202305-17","https://usn.ubuntu.com/4156-1/","https://usn.ubuntu.com/4156-2/","https://usn.ubuntu.com/4238-1/"],"published_time":"2019-07-16T17:15:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3896","summary":"A 
double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).","cvss":7.0,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.0,"epss":0.00065,"ranking_epss":0.20381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/108814","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896","https://security.netapp.com/advisory/ntap-20190710-0002/","https://support.f5.com/csp/article/K04327111","http://www.securityfocus.com/bid/108814","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3896","https://security.netapp.com/advisory/ntap-20190710-0002/","https://support.f5.com/csp/article/K04327111"],"published_time":"2019-06-19T00:15:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10126","summary":"A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other 
consequences.","cvss":5.9,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":5.9,"epss":0.03158,"ranking_epss":0.86875,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html","http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://www.securityfocus.com/bid/108817","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0204","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126","https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html","https://seclists.org/bugtraq/2019/Jul/33","https://seclists.org/bugtraq/2019/Jun/26","https://security.netapp.com/advisory/ntap-20190710-0002/","https://support.f5.com/csp/article/K95593121","https://usn.ubuntu.com/4093-1/","https://usn.ubuntu.com/4094-1/","https://usn.ubuntu.com/4095-1/","https://usn.ubuntu.com/4095-2/","https://usn.ubuntu.com/4117-1/","https://usn.ubuntu.com/4118-1/","https://www.debian.org/security/2019/dsa-4465","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html","http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html","http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Secu
rity-Notice-LSN-0054-1.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://www.securityfocus.com/bid/108817","https://access.redhat.com/errata/RHSA-2019:3055","https://access.redhat.com/errata/RHSA-2019:3076","https://access.redhat.com/errata/RHSA-2019:3089","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0174","https://access.redhat.com/errata/RHSA-2020:0204","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10126","https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html","https://seclists.org/bugtraq/2019/Jul/33","https://seclists.org/bugtraq/2019/Jun/26","https://security.netapp.com/advisory/ntap-20190710-0002/","https://support.f5.com/csp/article/K95593121","https://usn.ubuntu.com/4093-1/","https://usn.ubuntu.com/4094-1/","https://usn.ubuntu.com/4095-1/","https://usn.ubuntu.com/4095-2/","https://usn.ubuntu.com/4117-1/","https://usn.ubuntu.com/4118-1/","https://www.debian.org/security/2019/dsa-4465"],"published_time":"2019-06-14T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7845","summary":"Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.10794,"ranking_epss":0.93333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:1476","https://helpx.adobe.com/security/products/flash-player/apsb19-30.html","https://security.gentoo.org/glsa/201908-21","https://access.redhat.com/errata/RHSA-2019:1476","https://helpx.adobe.com/security/products/flash-player/apsb19-30.html","https://security.gentoo.org/glsa/201908-21"],"published_time":"2019-06-12T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10160","summary":"A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. 
The result of an attack may vary based on the application.","cvss":9.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.8,"epss":0.01305,"ranking_epss":0.79735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://access.redhat.com/errata/RHSA-2019:1587","https://access.redhat.com/errata/RHSA-2019:1700","https://access.redhat.com/errata/RHSA-2019:2437","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160","https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09","https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e","https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de","https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announc
e%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/","https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html","https://security.netapp.com/advisory/ntap-20190617-0003/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","https://access.redhat.com/errata/RHSA-2019:1587","https://access.redhat.com/errata/RHSA-2019:1700","https://access.redhat.com/errata/RHSA-2019:2437","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160","https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09","https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e","https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de","https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/","https://lists.fe
doraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/","https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html","https://security.netapp.com/advisory/ntap-20190617-0003/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/"],"published_time":"2019-06-07T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9755","summary":"An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. 
In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"epss":0.00104,"ranking_epss":0.28555,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:3723","https://access.redhat.com/errata/RHSA-2019:2308","https://access.redhat.com/errata/RHSA-2019:3345","https://security.gentoo.org/glsa/202007-45","https://www.tuxera.com/community/release-history/","https://access.redhat.com/errata/RHBA-2019:3723","https://access.redhat.com/errata/RHSA-2019:2308","https://access.redhat.com/errata/RHSA-2019:3345","https://security.gentoo.org/glsa/202007-45","https://www.tuxera.com/community/release-history/"],"published_time":"2019-06-05T15:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7837","summary":"Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.02296,"ranking_epss":0.84675,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/108312","https://access.redhat.com/errata/RHSA-2019:1234","https://helpx.adobe.com/security/products/flash-player/apsb19-26.html","https://www.zerodayinitiative.com/advisories/ZDI-19-498/","http://www.securityfocus.com/bid/108312","https://access.redhat.com/errata/RHSA-2019:1234","https://helpx.adobe.com/security/products/flash-player/apsb19-26.html","https://www.zerodayinitiative.com/advisories/ZDI-19-498/"],"published_time":"2019-05-22T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11833","summary":"fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the 
filesystem.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00024,"ranking_epss":0.06448,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://www.securityfocus.com/bid/108372","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64","https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/","https://seclists.org/bugtraq/2019/Jun/26","https://usn.ubuntu.com/4068-1/","https://usn.ubuntu.com/4068-2/","https://usn.ubuntu.com/4069-1/","https://usn.ubuntu.com/4069-2/","https://usn.ubuntu.com/4076-1/","https://usn.ubuntu.com/4095-2/","https://usn.ubuntu.com/4118-1/","https://www.debian.org/security/2019/dsa-4465","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html","http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html","http://www.securityfocus.com/bid/108372","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","
https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64","https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/","https://seclists.org/bugtraq/2019/Jun/26","https://usn.ubuntu.com/4068-1/","https://usn.ubuntu.com/4068-2/","https://usn.ubuntu.com/4069-1/","https://usn.ubuntu.com/4069-2/","https://usn.ubuntu.com/4076-1/","https://usn.ubuntu.com/4095-2/","https://usn.ubuntu.com/4118-1/","https://www.debian.org/security/2019/dsa-4465"],"published_time":"2019-05-15T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11811","summary":"An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and 
drivers/char/ipmi/ipmi_si_port_io.c.","cvss":7.0,"cvss_version":3.0,"cvss_v2":6.9,"cvss_v3":7.0,"epss":0.00069,"ranking_epss":0.21427,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html","http://www.securityfocus.com/bid/108410","https://access.redhat.com/errata/RHSA-2019:1873","https://access.redhat.com/errata/RHSA-2019:1891","https://access.redhat.com/errata/RHSA-2019:1959","https://access.redhat.com/errata/RHSA-2019:1971","https://access.redhat.com/errata/RHSA-2019:4057","https://access.redhat.com/errata/RHSA-2019:4058","https://access.redhat.com/errata/RHSA-2020:0036","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7e88d4ef80188ffa07095ac00456f901b8c4","https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8c4","https://security.netapp.com/advisory/ntap-20190719-0003/","https://support.f5.com/csp/article/K01512680","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html","http://www.securityfocus.com/bid/108410","https://access.redhat.com/errata/RHSA-2019:1873","https://access.redhat.com/errata/RHSA-2019:1891","https://access.redhat.com/errata/RHSA-2019:1959","https://access.redhat.com/errata/RHSA-2019:1971","https://access.redhat.com/errata/RHSA-2019:4057","https://access.redhat.com/errata/RHSA-2019:4058","https://access.redhat.com/errata/RHSA-2020:0036","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4","https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=401e7e88d4ef80188ffa07095ac00456f901b8c4","https://github.com/torvalds/linux/commit/401e7e88d4ef80188ffa07095ac00456f901b8c4","https://security.netapp.com/advisory/ntap-20190719-0003/","https://support.f5.com/csp/article/K01512680"],"published_time":"2019-05-07T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2697",
"summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.0408,"ranking_epss":0.8852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https:
//access.redhat.com/errata/RHSA-2019:1325","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/"],"published_time":"2019-04-23T19:32:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2698","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.04739,"ranking_epss":0.89379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://lists
.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453"],"published_time":"2019-04-23T19:32:56","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2684","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.01264,"ranking_epss":0.79413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.openwall.com/lists/oss-security/2020/09/01/4","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://access.redhat.com/errata/RHSA-2019:1518","https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.to
mcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.f5.com/csp/article/K11175903?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.openwall.com/lists/oss-security/2020/09/01/4","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/erra
ta/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://access.redhat.com/errata/RHSA-2019:1518","https://lists.apache.org/thread.html/38a01302c92ae513910d8c851a2d111736565bd698be4e3af3e4c063%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/43530b91506e2e0c11cfbe691173f5df8c48f51b98262426d7493b67%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/71bd3e4e222479c266eaafc8d0c171ef5782a69b52f68df11b650ed7%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/c58d6c3b49c615916b163809f963a55421cac2264885739508e68108%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/f7f54b4888060d99f59993f006e25005a2b58db0c07ff866bdcd6f17%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a
%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cdev.cassandra.apache.org%3E","https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.f5.com/csp/article/K11175903?utm_source=f5support&amp%3Butm_medium=RSS","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453"],"published_time":"2019-04-23T19:32:55","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2627","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"epss":0.00171,"ranking_epss":0.38435,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://support.f5.com/csp/article/K32798641","https://usn.ubuntu.com/3957-1/","https://usn.ubuntu.com/3957-2/","https://usn.ubuntu.com/3957-3/","https://usn.ubuntu.com/4070-3/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://support.f5.com/csp/article/K32798641","https://usn.ubuntu.com/3957-1/","https://usn.ubuntu.com/3957-2/","https://usn.ubuntu.com/3957-3/","https://usn.ubuntu.com/4070-3/"],"published_time":"2019-04-23T19:32:52","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2614","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"epss":0.00228,"ranking_epss":0.45554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/","https://support.f5.com/csp/article/K52514501","https://usn.ubuntu.com/3957-1/","https://usn.ubuntu.com/3957-2/","https://usn.ubuntu.com/3957-3/","https://usn.ubuntu.com/4070-3/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://access.redhat.com/errata/RHSA-2019:3708","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4
TQIX4MXP/","https://support.f5.com/csp/article/K52514501","https://usn.ubuntu.com/3957-1/","https://usn.ubuntu.com/3957-2/","https://usn.ubuntu.com/3957-3/","https://usn.ubuntu.com/4070-3/"],"published_time":"2019-04-23T19:32:51","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2602","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00233,"ranking_epss":0.46142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://access.redhat.com/errata/RHSA-2019:1518","https://kc.mcafee.com/corporate/index?page=content&id=SB10285","https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:1146","https://access.redhat.com/errata/RHSA-2019:11
63","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://access.redhat.com/errata/RHSA-2019:1518","https://kc.mcafee.com/corporate/index?page=content&id=SB10285","https://lists.debian.org/debian-lts-announce/2019/05/msg00011.html","https://seclists.org/bugtraq/2019/May/75","https://security.gentoo.org/glsa/201908-10","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03959en_us","https://usn.ubuntu.com/3975-1/","https://www.debian.org/security/2019/dsa-4453"],"published_time":"2019-04-23T19:32:50","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0223","summary":"While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. 
This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"epss":0.00399,"ranking_epss":0.60631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/04/23/4","http://www.securityfocus.com/bid/108044","https://access.redhat.com/errata/RHSA-2019:0886","https://access.redhat.com/errata/RHSA-2019:1398","https://access.redhat.com/errata/RHSA-2019:1399","https://access.redhat.com/errata/RHSA-2019:1400","https://access.redhat.com/errata/RHSA-2019:2777","https://access.redhat.com/errata/RHSA-2019:2778","https://access.redhat.com/errata/RHSA-2019:2779","https://access.redhat.com/errata/RHSA-2019:2780","https://access.redhat.com/errata/RHSA-2019:2781","https://access.redhat.com/errata/RHSA-2019:2782","https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel","https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E","https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E","https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E","https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E","https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E","http://www.openwall.com/lists/oss-security/2019/04/23/4","http://www.securityfocus.com/bid/108044","https://access.redhat.com/errata/RHSA-2019:0886","https://access.redhat.com/errata/RHSA-2019:1398","https://access.redhat.com/errata/RHSA-2019:1399","https://access.redhat.com/errata/RHSA-2019:1400","https://access.redhat.com/errata/RHSA-2019:2777","ht
tps://access.redhat.com/errata/RHSA-2019:2778","https://access.redhat.com/errata/RHSA-2019:2779","https://access.redhat.com/errata/RHSA-2019:2780","https://access.redhat.com/errata/RHSA-2019:2781","https://access.redhat.com/errata/RHSA-2019:2782","https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel","https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E","https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E","https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E","https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E","https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"],"published_time":"2019-04-23T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-11235","summary":"FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and 
CVE-2019-9499.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03401,"ranking_epss":0.87383,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html","https://access.redhat.com/errata/RHSA-2019:1131","https://access.redhat.com/errata/RHSA-2019:1142","https://bugzilla.redhat.com/show_bug.cgi?id=1695748","https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19","https://freeradius.org/security/","https://papers.mathyvanhoef.com/dragonblood.pdf","https://usn.ubuntu.com/3954-1/","https://www.kb.cert.org/vuls/id/871675/","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html","https://access.redhat.com/errata/RHSA-2019:1131","https://access.redhat.com/errata/RHSA-2019:1142","https://bugzilla.redhat.com/show_bug.cgi?id=1695748","https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19","https://freeradius.org/security/","https://papers.mathyvanhoef.com/dragonblood.pdf","https://usn.ubuntu.com/3954-1/","https://www.kb.cert.org/vuls/id/871675/"],"published_time":"2019-04-22T11:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-10245","summary":"In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. 
Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01529,"ranking_epss":0.81262,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/108094","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588","http://www.securityfocus.com/bid/108094","https://access.redhat.com/errata/RHSA-2019:1163","https://access.redhat.com/errata/RHSA-2019:1164","https://access.redhat.com/errata/RHSA-2019:1165","https://access.redhat.com/errata/RHSA-2019:1166","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:1325","https://bugs.eclipse.org/bugs/show_bug.cgi?id=545588"],"published_time":"2019-04-19T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3459","summary":"A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 
5.1-rc1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"epss":0.00465,"ranking_epss":0.64333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/06/27/2","http://www.openwall.com/lists/oss-security/2019/06/27/7","http://www.openwall.com/lists/oss-security/2019/06/28/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/08/12/1","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.novell.com/show_bug.cgi?id=1120758","https://bugzilla.redhat.com/show_bug.cgi?id=1663176","https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/","https://marc.info/?l=oss-security&m=154721580222522&w=2","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html","http://www.openwall.com/lists/oss-security/2019/06/27/2","http://www.openwall.com/lists/oss-security/2019/06/27/7","http://www.openwall.com/lists/oss-security/2019/06/28/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/08/12/1","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.novell.com/show_bug.cgi?id=1120758","https://bugzilla.redhat.com/show_bug.cgi?id=1663176","https://git.kernel.org/linus/7c
9cbd0b5e38a1672fcd137894ace3b042dfbf69","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047%40kroah.com/","https://marc.info/?l=oss-security&m=154721580222522&w=2","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3459.html"],"published_time":"2019-04-11T16:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3460","summary":"A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"epss":0.00465,"ranking_epss":0.64333,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/06/27/2","http://www.openwall.com/lists/oss-security/2019/06/27/7","http://www.openwall.com/lists/oss-security/2019/06/28/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/08/12/1","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.redhat.com/show_bug.cgi?id=1663179","https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/","https://marc.info/?l=oss-security&m=154721580222522&w=2","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html","http://www.openwall.com/lists/oss-securit
y/2019/06/27/2","http://www.openwall.com/lists/oss-security/2019/06/27/7","http://www.openwall.com/lists/oss-security/2019/06/28/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/08/12/1","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://access.redhat.com/errata/RHSA-2020:0740","https://bugzilla.redhat.com/show_bug.cgi?id=1663179","https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047%40kroah.com/","https://marc.info/?l=oss-security&m=154721580222522&w=2","https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-3460.html"],"published_time":"2019-04-11T16:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0217","summary":"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control 
restrictions.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.0,"cvss_v3":7.5,"epss":0.43022,"ranking_epss":0.97473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","http://www.openwall.com/lists/oss-security/2019/04/02/5","http://www.securityfocus.com/bid/107668","https://access.redhat.com/errata/RHSA-2019:2343","https://access.redhat.com/errata/RHSA-2019:3436","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4126","https://bugzilla.redhat.com/show_bug.cgi?id=1695020","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1d
e233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","https://seclists.org/bugtraq/2019/Apr/5","https://security.netapp.com/advisory/ntap-20190423-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","https://usn.ubuntu.com/3937-1/","https://usn.ubuntu.com/3937-2/","https://www.debian.org/security/2019/dsa-4422","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","http://www.openwall.com/lists/oss-security/2019/04/02/5","http://www.securityfocus.com/bid/107668","https://access.redhat.com/errata/RHSA-2019:2343","https://access.redhat.com/errata/RHSA-2019:3436","https:/
/access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://access.redhat.com/errata/RHSA-2019:4126","https://bugzilla.redhat.com/show_bug.cgi?id=1695020","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E","https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/04/msg00
008.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","https://seclists.org/bugtraq/2019/Apr/5","https://security.netapp.com/advisory/ntap-20190423-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","https://usn.ubuntu.com/3937-1/","https://usn.ubuntu.com/3937-2/","https://www.debian.org/security/2019/dsa-4422","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-04-08T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-0160","summary":"Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.","cvss":8.7,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":8.7,"epss":0.0028,"ranking_epss":0.51363,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html","https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html"],"published_time":"2019-03-27T20:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10934","summary":"A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. 
Users with roles that can create objects in the application can exploit this to attack other privileged users.","cvss":5.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":5.4,"epss":0.00414,"ranking_epss":0.61578,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:1159","https://access.redhat.com/errata/RHSA-2019:1160","https://access.redhat.com/errata/RHSA-2019:1161","https://access.redhat.com/errata/RHSA-2019:1162","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934","https://security.netapp.com/advisory/ntap-20190611-0002/","https://access.redhat.com/errata/RHSA-2019:1159","https://access.redhat.com/errata/RHSA-2019:1160","https://access.redhat.com/errata/RHSA-2019:1161","https://access.redhat.com/errata/RHSA-2019:1162","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934","https://security.netapp.com/advisory/ntap-20190611-0002/"],"published_time":"2019-03-27T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3878","summary":"A vulnerability was found in mod_auth_mellon before v0.14.2. 
If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.02334,"ranking_epss":0.84791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0746","https://access.redhat.com/errata/RHSA-2019:0766","https://access.redhat.com/errata/RHSA-2019:0985","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878","https://github.com/Uninett/mod_auth_mellon/pull/196","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","https://usn.ubuntu.com/3924-1/","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0746","https://access.redhat.com/errata/RHSA-2019:0766","https://access.redhat.com/errata/RHSA-2019:0985","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878","https://github.com/Uninett/mod_auth_mellon/pull/196","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","https://usn.ubuntu.com/3924-1/"],"published_time":"2019-03-26T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3835","summary":"It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. 
A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.","cvss":7.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.3,"epss":0.01643,"ranking_epss":0.81914,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","http://www.securityfocus.com/bid/107855","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:0971","https://bugs.ghostscript.com/show_bug.cgi?id=700585","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835","https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/","https://seclists.org/bugtraq/2019/Apr/28","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://www.debian.org/security/2019/dsa-4432","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html","http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","http://www.securityfocus.com/bid/107855","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:0971","https://bugs.ghostscript.com/show_bug.cgi?id=700585","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3835","http
s://lists.debian.org/debian-lts-announce/2019/04/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/","https://seclists.org/bugtraq/2019/Apr/28","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://www.debian.org/security/2019/dsa-4432"],"published_time":"2019-03-25T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3838","summary":"It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by 
-dSAFER.","cvss":7.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.3,"epss":0.01364,"ranking_epss":0.80151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:0971","https://bugs.ghostscript.com/show_bug.cgi?id=700576","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838","https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/","https://seclists.org/bugtraq/2019/Apr/28","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://www.debian.org/security/2019/dsa-4432","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00018.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:0971","https://bugs.ghostscript.com/show_bug.cgi?id=700576","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838","https://lists.debian.org/debian-lts-announce/2019/04/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A43SRQAEHQCKSEMIBINHUNIGHTDCZD7F/","https://lists.fedoraproject.org/arch
ives/list/package-announce%40lists.fedoraproject.org/message/ANBSCZABXQUEQWIKNWJ35IYX24M227EI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVERLGEU3OV6RNZ2SIBXREWD3BF5H23N/","https://seclists.org/bugtraq/2019/Apr/28","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://www.debian.org/security/2019/dsa-4432"],"published_time":"2019-03-25T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3856","summary":"An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.5,"epss":0.0454,"ranking_epss":0.89143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3856.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensus
e.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3856.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-03-25T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3857","summary":"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.5,"epss":0.0454,"ranking_epss":0.89143,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3857.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMY
R3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3857.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-03-25T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3863","summary":"A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.5,"epss":0.08613,"ranking_epss":0.92401,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3863.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.open
suse.org/opensuse-security-announce/2019-04/msg00003.html","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://seclists.org/bugtraq/2019/Apr/25","https://security.netapp.com/advisory/ntap-20190327-0005/","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3863.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-03-25T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9948","summary":"urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') 
call.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.0096,"ranking_epss":0.76436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html","http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html","http://www.securityfocus.com/bid/107549","https://access.redhat.com/errata/RHSA-2019:1700","https://access.redhat.com/errata/RHSA-2019:2030","https://access.redhat.com/errata/RHSA-2019:3335","https://access.redhat.com/errata/RHSA-2019:3520","https://bugs.python.org/issue35907","https://github.com/python/cpython/pull/11842","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://seclists.org/bugtraq/2019/Oct/29","https://security.gentoo.org/glsa/202003-26","https://security.netapp.com/advisory/ntap-20190404-0004/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html","http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html","http://www.securityfocus.com/bid/107549","https://access.redhat.com/errata/RHSA-2019:1700","https://access.redh
at.com/errata/RHSA-2019:2030","https://access.redhat.com/errata/RHSA-2019:3335","https://access.redhat.com/errata/RHSA-2019:3520","https://bugs.python.org/issue35907","https://github.com/python/cpython/pull/11842","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://seclists.org/bugtraq/2019/Oct/29","https://security.gentoo.org/glsa/202003-26","https://security.netapp.com/advisory/ntap-20190404-0004/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/"],"published_time":"2019-03-23T18:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3855","summary":"An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.","cvss":7.5,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.5,"epss":0.16241,"ranking_epss":0.94797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html","http://seclists.org/fulldisclosure/2019/Sep/42","http://www.openwall.com/lists/oss-security/2019/03/18/3","http://www.securityfocus.com/bid/107485","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/","https://seclists.org/bugtraq/2019/Apr/25","https://seclists.org/bugtraq/2019/Mar/25","https://seclists.org/bugtraq/2019/Sep/49","https://security.netapp.com/advisory/ntap-20190327-0005/","https://support.apple.com/kb/HT210609","https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019
-767","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3855.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html","http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html","http://seclists.org/fulldisclosure/2019/Sep/42","http://www.openwall.com/lists/oss-security/2019/03/18/3","http://www.securityfocus.com/bid/107485","https://access.redhat.com/errata/RHSA-2019:0679","https://access.redhat.com/errata/RHSA-2019:1175","https://access.redhat.com/errata/RHSA-2019:1652","https://access.redhat.com/errata/RHSA-2019:1791","https://access.redhat.com/errata/RHSA-2019:1943","https://access.redhat.com/errata/RHSA-2019:2399","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855","https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/","https://seclists.org/bugtraq/2019/Apr/25","https://seclists.org/bugtraq/2019/Mar/25","https://seclists.org/bugtraq/2019/Sep/49","https://security.netapp.com/advisory/ntap-20190327-0005/","https://support.apple.com/kb/HT210609","https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767","https://www.debian.org/security/2019/dsa-4431","https://www.libssh2.org/CVE-2019-3855.html","https://www.oracle.com/tec
hnetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2019-03-21T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7222","summary":"The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00042,"ranking_epss":0.13001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html","http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html","http://www.openwall.com/lists/oss-security/2019/02/18/2","http://www.securityfocus.com/bid/106963","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://bugs.chromium.org/p/project-zero/issues/detail?id=1759","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a","https://github.com/torvalds/linux/commits/master/arch/x86/kvm","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/","https://security.netapp.com/advisory/ntap-20190404-0002/","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/","http://lists.opensuse.org/opensuse-security-
announce/2019-02/msg00042.html","http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html","http://www.openwall.com/lists/oss-security/2019/02/18/2","http://www.securityfocus.com/bid/106963","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://access.redhat.com/errata/RHSA-2019:3309","https://access.redhat.com/errata/RHSA-2019:3517","https://bugs.chromium.org/p/project-zero/issues/detail?id=1759","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a","https://github.com/torvalds/linux/commits/master/arch/x86/kvm","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/","https://security.netapp.com/advisory/ntap-20190404-0002/","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/"],"published_time":"2019-03-21T16:01:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7221","summary":"The KVM implementation in the Linux kernel through 4.20.5 has a 
Use-after-Free.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00054,"ranking_epss":0.17184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html","http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html","http://www.openwall.com/lists/oss-security/2019/02/18/2","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0818","https://access.redhat.com/errata/RHSA-2019:0833","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4058","https://bugs.chromium.org/p/project-zero/issues/detail?id=1760","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f","https://github.com/torvalds/linux/commits/master/arch/x86/kvm","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/","https://security.netapp.com/advisory/ntap-20190404-0002/","https://support.f5.com/csp/article/K08413011","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/","http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html","http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html","http://www.openwall.com/lists/oss-security/2019/02/18/2","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata
/RHSA-2019:0818","https://access.redhat.com/errata/RHSA-2019:0833","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4058","https://bugs.chromium.org/p/project-zero/issues/detail?id=1760","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f","https://github.com/torvalds/linux/commits/master/arch/x86/kvm","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/","https://security.netapp.com/advisory/ntap-20190404-0002/","https://support.f5.com/csp/article/K08413011","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/"],"published_time":"2019-03-21T16:01:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6454","summary":"An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. 
An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00111,"ranking_epss":0.29711,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html","http://www.openwall.com/lists/oss-security/2019/02/18/3","http://www.openwall.com/lists/oss-security/2019/02/19/1","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/107081","https://access.redhat.com/errata/RHSA-2019:0368","https://access.redhat.com/errata/RHSA-2019:0990","https://access.redhat.com/errata/RHSA-2019:1322","https://access.redhat.com/errata/RHSA-2019:1502","https://access.redhat.com/errata/RHSA-2019:2805","https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/","https://security.netapp.com/advisory/ntap-20190327-0004/","https://usn.ubuntu.com/3891-1/","https://www.debian.org/security/2019/dsa-4393","http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html","http://www.openwall.com/lists/oss-security/2019/02/18/3","http://www.openwall.com/lists/oss-security/2019/02/19/1","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/107081","https://access.redhat.com/errata/RHSA-2019:0368","https://access.redhat.com/errata/RHSA-
2019:0990","https://access.redhat.com/errata/RHSA-2019:1322","https://access.redhat.com/errata/RHSA-2019:1502","https://access.redhat.com/errata/RHSA-2019:2805","https://github.com/systemd/systemd/commits/master/src/libsystemd/sd-bus/bus-objects.c","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N67IOBOTDOMVNQJ5QRU2MXLEECXPGNVJ/","https://security.netapp.com/advisory/ntap-20190327-0004/","https://usn.ubuntu.com/3891-1/","https://www.debian.org/security/2019/dsa-4393"],"published_time":"2019-03-21T16:01:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6116","summary":"In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.67511,"ranking_epss":0.98565,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html","http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","http://www.openwall.com/lists/oss-security/2019/01/23/5","http://www.openwall.com/lists/oss-security/2019/03/21/1","http://www.securityfocus.com/bid/106700","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.chromium.org/p/project-zero/issues/detail?id=1729","https://bugs.ghostscript.com/show_bug.cgi?id=700317","https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32M
YKUOXQDJQU4X4DDVL7NAY3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://usn.ubuntu.com/3866-1/","https://www.debian.org/security/2019/dsa-4372","https://www.exploit-db.com/exploits/46242/","http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html","http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html","http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html","http://www.openwall.com/lists/oss-security/2019/01/23/5","http://www.openwall.com/lists/oss-security/2019/03/21/1","http://www.securityfocus.com/bid/106700","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.chromium.org/p/project-zero/issues/detail?id=1729","https://bugs.ghostscript.com/show_bug.cgi?id=700317","https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/","https://lists.fedoraproject.or
g/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/","https://seclists.org/bugtraq/2019/Apr/4","https://security.gentoo.org/glsa/202004-03","https://usn.ubuntu.com/3866-1/","https://www.debian.org/security/2019/dsa-4372","https://www.exploit-db.com/exploits/46242/"],"published_time":"2019-03-21T16:01:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3816","summary":"Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00736,"ranking_epss":0.72777,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugzilla.suse.com/show_bug.cgi?id=1122623","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html","http://www.securityfocus.com/bid/107368","http://www.securityfocus.com/bid/107409","https://access.redhat.com/errata/RHSA-2019:0638","https://access.redhat.com/errata/RHSA-2019:0972","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/","http://bugzilla.suse.com/show_bug.cgi?id=1122623","http://lists.opensuse.org/opensuse-security-announce/2019-
04/msg00006.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00065.html","http://www.securityfocus.com/bid/107368","http://www.securityfocus.com/bid/107409","https://access.redhat.com/errata/RHSA-2019:0638","https://access.redhat.com/errata/RHSA-2019:0972","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3816","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V5HJ355RSKMFQ7GRJAHRZNDVXASF7TA/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2HEZ7D7GF3HDF36JLGYXIK5URR66DS4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CXQP7UDPRZIZ4LM7FEJCTC2EDUYVOR2J/"],"published_time":"2019-03-14T22:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-9636","summary":"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. 
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.","cvss":9.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.8,"epss":0.08786,"ranking_epss":0.92491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securityfocus.com/bid/107400","https://access.redhat.com/errata/RHBA-2019:0763","https://access.redhat.com/errata/RHBA-2019:0764","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0710","https://access.redhat.com/errata/RHSA-2019:0765","https://access.redhat.com/errata/RHSA-2019:0806","https://access.redhat.com/errata/RHSA-2019:0902","https://access.redhat.com/errata/RHSA-2019:0981","https://access.redhat.com/errata/RHSA-2019:0997","https://access.redhat.com/errata/RHSA-2019:1467","https://access.redhat.com/errata/RHSA-2019:2980","https://access.redhat.com/errata/RHSA-2019:3170","https://bugs.python.org/issue36216","https://github.com/python/cpython/pull/12201","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/a
rchives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://lists.fedoraproject.org/archiv
es/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/","https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html","https://security.gentoo.org/glsa/202003-26","https://security.netapp.com/advisory/ntap-20190517-0001/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2022.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00097.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00024.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securityfocus.com/bid/107400","https://access.redhat.com/errata/RHBA-2019:0763","https://access.redhat.com/errata/RHBA-2019:0764","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0710","https://access.redhat.com/errata/RHSA-2019:0765","https://access.redhat.com/errata/RHSA-2019:0806","https://access.redhat.com/errata/RHSA-2019:0902","https://access.redhat.com/errata/RHSA-2019:0981","https://access.redhat.com/errata/RHSA-2019:0997","https://access.redhat.com/errata/RHSA-2019:1467","https:
//access.redhat.com/errata/RHSA-2019:2980","https://access.redhat.com/errata/RHSA-2019:3170","https://bugs.python.org/issue36216","https://github.com/python/cpython/pull/12201","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFBAAGM27H73OLYBUA2IAZFSUN6KGLME/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec
t.org/message/IFAXBEY2TGOBDRKTR556JBXBVFSAKD6I/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L25RTMKCF62DLC2XVSNXGX7C7HXISLVM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/","https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html","https://security.gentoo.org/glsa/202003-26","https://security.netapp.com/advisory/ntap-20190517-0001/","https://usn.ubuntu.com/4127-1/","https://usn.ubuntu.com/4127-2/","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2019-03-08T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12405","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.1029,"ranking_epss":0.93153,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/"],"published_time":"2019-02-28T18:29:01","vendor":null,"pro
duct":null,"version":null},{"cve_id":"CVE-2018-18492","summary":"A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.33845,"ranking_epss":0.96936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1499861","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1499861","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advis
ories/mfsa2018-31/"],"published_time":"2019-02-28T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18493","summary":"A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.24302,"ranking_epss":0.96067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1504452","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1504452","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/
mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/"],"published_time":"2019-02-28T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18494","summary":"A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01073,"ranking_epss":0.77718,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1487964","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1487964","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1
/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/"],"published_time":"2019-02-28T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18498","summary":"A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.07848,"ranking_epss":0.91972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1500011","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://bugzilla.mozilla.org/show_bug.cgi?id=1500011","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security
.gentoo.org/glsa/201903-04","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","https://www.mozilla.org/security/advisories/mfsa2018-29/","https://www.mozilla.org/security/advisories/mfsa2018-30/","https://www.mozilla.org/security/advisories/mfsa2018-31/"],"published_time":"2019-02-28T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12389","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01766,"ranking_epss":0.8258,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105723","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/","http://www.securityfocus.com/bid/105723","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.
redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12390","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.07182,"ranking_epss":0.91546,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/","http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1487098%2C1487660%2C1490234%2C1496159%2C1443748%2C1496340%2C1483905%2C1493347%2C1488803%2C1498701%2C1498482%2C1442010%2C1495245%2C1483699%2C1469486%2C1484905%2C1490561%2C1492524%2C1481844","https://lists.debian.org/debian-lts-announc
e/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12392","summary":"When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.07848,"ranking_epss":0.91972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/show_bug.cgi?id=1492823","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security
/advisories/mfsa2018-28/","http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/show_bug.cgi?id=1492823","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12393","summary":"A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. 
This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.05776,"ranking_epss":0.90452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/show_bug.cgi?id=1495011","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/","http://www.securityfocus.com/bid/105718","http://www.securityfocus.com/bid/105769","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://access.redhat.com/errata/RHSA-2018:3531","https://access.redhat.com/errata/RHSA-2018:3532","https://bugzilla.mozilla.org/show_bug.cgi?id=1495011","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201811-04","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3801-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4324","https://www.debian.org/security/2018/dsa-4337","https://www.mozilla
.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","https://www.mozilla.org/security/advisories/mfsa2018-28/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12395","summary":"By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.02916,"ranking_epss":0.86338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1467523","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1467523","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12396","summary":"A vulnerability where a 
WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01138,"ranking_epss":0.78365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1483602","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1483602","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12397","summary":"A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. 
This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.","cvss":7.1,"cvss_version":3.0,"cvss_v2":3.6,"cvss_v3":7.1,"epss":0.00068,"ranking_epss":0.21093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1487478","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/","http://www.securityfocus.com/bid/105718","http://www.securitytracker.com/id/1041944","https://access.redhat.com/errata/RHSA-2018:3005","https://access.redhat.com/errata/RHSA-2018:3006","https://bugzilla.mozilla.org/show_bug.cgi?id=1487478","https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html","https://security.gentoo.org/glsa/201811-04","https://usn.ubuntu.com/3801-1/","https://www.debian.org/security/2018/dsa-4324","https://www.mozilla.org/security/advisories/mfsa2018-26/","https://www.mozilla.org/security/advisories/mfsa2018-27/"],"published_time":"2019-02-28T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1559","summary":"If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.06392,"ranking_epss":0.90982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html","http://www.securityfocus.com/bid/107174","https://access.redhat.com/errata/RHSA-2019:2304","https://access.redhat.com/errata/RHSA-2019:2437","https://access.redhat.com/errata/RHSA-2019:2439","https://access.redhat.com/errata/RHSA-2019:2471","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e","https://kc.mcafee.com/corporate/index?page=content&id=SB10282","https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/","https://security.
gentoo.org/glsa/201903-10","https://security.netapp.com/advisory/ntap-20190301-0001/","https://security.netapp.com/advisory/ntap-20190301-0002/","https://security.netapp.com/advisory/ntap-20190423-0002/","https://support.f5.com/csp/article/K18549143","https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3899-1/","https://usn.ubuntu.com/4376-2/","https://www.debian.org/security/2019/dsa-4400","https://www.openssl.org/news/secadv/20190226.txt","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.tenable.com/security/tns-2019-02","https://www.tenable.com/security/tns-2019-03","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html","http://www.securityfocus.com/bid/107174","https://access.redhat.com/errata/RHSA-2019:2304","https://access.redhat.com/errata/RHSA-2019:2437","https://access.redhat.com/errata/RHSA-2019:2439","https://access.redhat.com/errata/RHSA-2019:2471","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e","https://kc.mcafee.com/corporate/index?page=content&id=SB10282","https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html","http
s://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/","https://security.gentoo.org/glsa/201903-10","https://security.netapp.com/advisory/ntap-20190301-0001/","https://security.netapp.com/advisory/ntap-20190301-0002/","https://security.netapp.com/advisory/ntap-20190423-0002/","https://support.f5.com/csp/article/K18549143","https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3899-1/","https://usn.ubuntu.com/4376-2/","https://www.debian.org/security/2019/dsa-4400","https://www.openssl.org/news/secadv/20190226.txt","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","https://www.tenable.com/security/tns-2019-02","https://www.tenable.com/security/tns-2019-03"],"published_time":"2019-02-27T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5780","summary":"Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple 
Events.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00029,"ranking_epss":0.08244,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/891697","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/891697","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5781","summary":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00804,"ranking_epss":0.74078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/896725","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/896725","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5782","summary":"Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.79607,"ranking_epss":0.99083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/906043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/906043","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5766","summary":"Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00828,"ranking_epss":0.74465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/907047","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/907047","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5767","summary":"Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted 
APK.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0046,"ranking_epss":0.64108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/902427","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/902427","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5768","summary":"DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0046,"ranking_epss":0.64108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/805557","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/805557","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5769","summary":"Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913975","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913975","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5770","summary":"Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01066,"ranking_epss":0.77656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/908749","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/908749","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5771","summary":"An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01441,"ranking_epss":0.80686,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904265","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904265","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5772","summary":"Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/908292","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/908292","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5773","summary":"Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00272,"ranking_epss":0.50598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/917668","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/917668","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5774","summary":"Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00866,"ranking_epss":0.75088,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904182","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904182","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5775","summary":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00804,"ranking_epss":0.74078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/896722","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/896722","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5776","summary":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00804,"ranking_epss":0.74078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/863663","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/863663","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5777","summary":"Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00804,"ranking_epss":0.74078,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/849421","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/849421","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5778","summary":"A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00465,"ranking_epss":0.64334,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/918470","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/918470","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5779","summary":"Insufficient policy validation in ServiceWorker in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00617,"ranking_epss":0.6988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904219","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904219","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5754","summary":"Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network 
proxy.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0012,"ranking_epss":0.31043,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/914497","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/914497","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5755","summary":"Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML 
page.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"epss":0.00828,"ranking_epss":0.74465,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913296","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5756","summary":"Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02399,"ranking_epss":0.85005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/895152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/895152","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5757","summary":"An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/915469","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/915469","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5758","summary":"Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913970","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913970","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5759","summary":"Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML 
page.","cvss":9.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.6,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/912211","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/912211","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5760","summary":"Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01442,"ranking_epss":0.80692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/912074","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/912074","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5761","summary":"Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01181,"ranking_epss":0.78728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904714","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/904714","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5762","summary":"Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02399,"ranking_epss":0.85005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/900552","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/900552","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5763","summary":"Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/914731","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/914731","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5764","summary":"Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01442,"ranking_epss":0.80692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913246","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/913246","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5765","summary":"An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted 
Intent.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00126,"ranking_epss":0.31985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/922627","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395","http://www.securityfocus.com/bid/106767","https://access.redhat.com/errata/RHSA-2019:0309","https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html","https://crbug.com/922627","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/","https://www.debian.org/security/2019/dsa-4395"],"published_time":"2019-02-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8379","summary":"An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. 
It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00254,"ranking_epss":0.4868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2332","https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/","https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-the-function-be_uint32_read-advancecomp/","https://sourceforge.net/p/advancemame/bugs/271/","https://access.redhat.com/errata/RHSA-2019:2332","https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/","https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-the-function-be_uint32_read-advancecomp/","https://sourceforge.net/p/advancemame/bugs/271/"],"published_time":"2019-02-17T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8383","summary":"An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. 
It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00314,"ranking_epss":0.54557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2332","https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/","https://research.loginsoft.com/bugs/invalid-memory-access-in-adv_png_unfilter_8-advancecomp/","https://sourceforge.net/p/advancemame/bugs/272/","https://access.redhat.com/errata/RHSA-2019:2332","https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/","https://research.loginsoft.com/bugs/invalid-memory-access-in-adv_png_unfilter_8-advancecomp/","https://sourceforge.net/p/advancemame/bugs/272/"],"published_time":"2019-02-17T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6974","summary":"In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a 
use-after-free.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.07916,"ranking_epss":0.92013,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9","http://www.securityfocus.com/bid/107127","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0818","https://access.redhat.com/errata/RHSA-2019:0833","https://access.redhat.com/errata/RHSA-2019:2809","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2020:0103","https://bugs.chromium.org/p/project-zero/issues/detail?id=1765","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156","https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://support.f5.com/csp/article/K11186236","https://support.f5.com/csp/article/K11186236?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/","https://www.exploit-db.com/exploits/46388/","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9","http://www.securityfocus.com/bid/107127","https://access.redhat.com/errata/RHBA-2019:0959","https://access.redhat.com/errata/RHSA-2019:0818","https://access.redhat.com/errata/
RHSA-2019:0833","https://access.redhat.com/errata/RHSA-2019:2809","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2020:0103","https://bugs.chromium.org/p/project-zero/issues/detail?id=1765","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.99","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156","https://github.com/torvalds/linux/commit/cfa39381173d5f969daf43582c95ad679189cbc9","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://support.f5.com/csp/article/K11186236","https://support.f5.com/csp/article/K11186236?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3930-1/","https://usn.ubuntu.com/3930-2/","https://usn.ubuntu.com/3931-1/","https://usn.ubuntu.com/3931-2/","https://usn.ubuntu.com/3932-1/","https://usn.ubuntu.com/3932-2/","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/","https://www.exploit-db.com/exploits/46388/"],"published_time":"2019-02-15T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-8308","summary":"Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable 
file.","cvss":8.2,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":8.2,"epss":0.00064,"ranking_epss":0.2011,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html","https://access.redhat.com/errata/RHSA-2019:0375","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059","https://github.com/flatpak/flatpak/releases/tag/1.0.7","https://github.com/flatpak/flatpak/releases/tag/1.2.3","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html","https://access.redhat.com/errata/RHSA-2019:0375","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059","https://github.com/flatpak/flatpak/releases/tag/1.0.7","https://github.com/flatpak/flatpak/releases/tag/1.2.3"],"published_time":"2019-02-12T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-5736","summary":"runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. 
This occurs because of file-descriptor mishandling, related to /proc/self/exe.","cvss":8.6,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.6,"epss":0.55296,"ranking_epss":0.98056,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html","http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html","http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html","http://www.openwall.com/lists/oss-security/2019/03/23/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/07/06/3","http://www.openwall.com/lists/oss-security/2019/07/06/4","http://www.openwall.com/lists/oss-security/2019/10/24/1","http://www.openwall.com/lists/oss-security/2019/10/29/3","http://www.openwall.com/lists/oss-security/2024/01/31/6","http://www.openwall.com/lists/oss-security/2024/02/01/1","http://www.openwall.com/lists/oss-security/2024/02/02/3","http://www.securityfocus.com/bid/106976","https://access.redhat.com/errata/RHSA-2019:0303","https://access.redhat.com/errata/RHSA-2019:0304","https://access.redhat.com/errata/RHSA-2019:0401","https://access.redhat.com/errata/RHSA-2019:0408","https://access.redhat.com/errata/RHSA-201
9:0975","https://access.redhat.com/security/cve/cve-2019-5736","https://access.redhat.com/security/vulnerabilities/runcescape","https://aws.amazon.com/security/security-bulletins/AWS-2019-002/","https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/","https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/","https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html","https://brauner.github.io/2019/02/12/privileged-containers.html","https://bugzilla.suse.com/show_bug.cgi?id=1121967","https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc","https://github.com/Frichetten/CVE-2019-5736-PoC","https://github.com/docker/docker-ce/releases/tag/v18.09.2","https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b","https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d","https://github.com/q3k/cve-2019-5736-poc","https://github.com/rancher/runc-cve","https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/","https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E","https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E","https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E","https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E","https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E","https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.fedoraproject.org/archives/list/packa
ge-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/","https://security.gentoo.org/glsa/202003-21","https://security.netapp.com/advisory/ntap-20190307-0008/","https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us","https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc","https://usn.ubuntu.com/4048-1/","https://www.exploit-db.com/exploits/46359/","https://www.exploit-db.com/exploits/46369/","https://www.openwall.com/lists/oss-security/2019/02/11/2","https://www.synology.com/security/advisory/Synology_SA_19_06","https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html","http://li
sts.opensuse.org/opensuse-security-announce/2019-10/msg00029.html","http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html","http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html","http://www.openwall.com/lists/oss-security/2019/03/23/1","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/07/06/3","http://www.openwall.com/lists/oss-security/2019/07/06/4","http://www.openwall.com/lists/oss-security/2019/10/24/1","http://www.openwall.com/lists/oss-security/2019/10/29/3","http://www.openwall.com/lists/oss-security/2024/01/31/6","http://www.openwall.com/lists/oss-security/2024/02/01/1","http://www.openwall.com/lists/oss-security/2024/02/02/3","http://www.securityfocus.com/bid/106976"],"published_time":"2019-02-11T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12547","summary":"In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This allowed existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00782,"ranking_epss":0.73685,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0473","https://access.redhat.com/errata/RHSA-2019:0474","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://bugs.eclipse.org/bugs/show_bug.cgi?id=543659"],"published_time":"2019-02-11T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12549","summary":"In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating 
it.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00719,"ranking_epss":0.72418,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://bugs.eclipse.org/bugs/show_bug.cgi?id=544019"],"published_time":"2019-02-11T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7664","summary":"In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00344,"ranking_epss":0.57042,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2197","https://access.redhat.com/errata/RHSA-2019:3575","https://sourceware.org/bugzilla/show_bug.cgi?id=24084"],"published_time":"2019-02-09T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7665","summary":"In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00141,"ranking_epss":0.34341,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://access.redhat.com/errata/RHSA-2019:3575","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=24089","https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html","https://usn.ubuntu.com/4012-1/"],"published_time":"2019-02-09T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18500","summary":"A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. 
This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.28229,"ranking_epss":0.96476,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","http://www.securityfocus.com/bid/106781","https://access.redhat.com/errata/RHSA-2019:0218","https://access.redhat.com/errata/RHSA-2019:0219","https://access.redhat.com/errata/RHSA-2019:0269","https://access.redhat.com/errata/RHSA-2019:0270","https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","https://security.gentoo.org/glsa/201903-04","https://security.gentoo.org/glsa/201904-07","https://usn.ubuntu.com/3874-1/","https://usn.ubuntu.com/3897-1/","https://www.debian.org/security/2019/dsa-4376","https://www.debian.org/security/2019/dsa-4392","https://www.mozilla.org/security/advisories/mfsa2019-01/","https://www.mozilla.org/security/advisories/mfsa2019-02/","https://www.mozilla.org/security/advisories/mfsa2019-03/"],"published_time":"2019-02-05T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18501","summary":"Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.04635,"ranking_epss":0.89252,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","http://www.securityfocus.com/bid/106781","https://access.redhat.com/errata/RHSA-2019:0218","https://access.redhat.com/errata/RHSA-2019:0219","https://access.redhat.com/errata/RHSA-2019:0269","https://access.redhat.com/errata/RHSA-2019:0270","https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","https://security.gentoo.org/glsa/201903-04","https://security.gentoo.org/glsa/201904-07","https://usn.ubuntu.com/3874-1/","https://usn.ubuntu.com/3897-1/","https://www.debian.org/security/2019/dsa-4376","https://www.debian.org/security/2019/dsa-4392","https://www.mozilla.org/security/advisories/mfsa2019-01/","https://www.mozilla.org/security/advisories/mfsa2019-02/","https://www.mozilla.org/security/advisories/mfsa2019-03/"],"published_time":"2019-02-05T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18505","summary":"An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. 
This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.","cvss":10.0,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":10.0,"epss":0.03141,"ranking_epss":0.86848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html","http://www.securityfocus.com/bid/106781","https://access.redhat.com/errata/RHSA-2019:0218","https://access.redhat.com/errata/RHSA-2019:0219","https://access.redhat.com/errata/RHSA-2019:0269","https://access.redhat.com/errata/RHSA-2019:0270","https://bugzilla.mozilla.org/show_bug.cgi?id=1087565","https://lists.debian.org/debian-lts-announce/2019/01/msg00025.html","https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","https://security.gentoo.org/glsa/201903-04","https://security.gentoo.org/glsa/201904-07","https://usn.ubuntu.com/3874-1/","https://usn.ubuntu.com/3897-1/","https://www.debian.org/security/2019/dsa-4376","https://www.debian.org/security/2019/dsa-4392","https://www.mozilla.org/security/advisories/mfsa2019-01/","https://www.mozilla.org/security/advisories/mfsa2019-02/","https://www.mozilla.org/security/advisories/mfsa2019-03/"],"published_time":"2019-02-05T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18506","summary":"When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.0236,"ranking_epss":0.84874,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html","http://www.securityfocus.com/bid/106773","https://access.redhat.com/errata/RHSA-2019:0622","https://access.redhat.com/errata/RHSA-2019:0623","https://access.redhat.com/errata/RHSA-2019:0680","https://access.redhat.com/errata/RHSA-2019:0681","https://access.redhat.com/errata/RHSA-2019:0966","https://access.redhat.com/errata/RHSA-2019:1144","https://lists.debian.org/debian-lts-announce/2019/03/msg00024.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00000.html","https://seclists.org/bugtraq/2019/Apr/0","https://seclists.org/bugtraq/2019/Mar/28","https://security.gentoo.org/glsa/201904-07","https://usn.ubuntu.com/3874-1/","https://usn.ubuntu.com/3927-1/","https://www.debian.org/security/2019/dsa-4411","https://www.debian.org/security/2019/dsa-4420","https://www.mozilla.org/security/advisories/mfsa2019-01/"],"published_time":"2019-02-05T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1000019","summary":"libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). 
This attack appears to be exploitable via the victim opening a specially crafted 7zip file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0281,"ranking_epss":0.86085,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://github.com/libarchive/libarchive/pull/1120","https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1","https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3884-1/"],"published_time":"2019-02-04
T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-1000020","summary":"libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.04887,"ranking_epss":0.8955,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://github.com/libarchive/libarchive/pull/1120","https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423","https://lists.debian.org/debian-lts-announce/2019/02/msg00013.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3884-1/"],"published_time":"2019-02-04T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3813","summary":"Spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.4,"cvss_v3":7.5,"epss":0.00241,"ranking_epss":0.47366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106801","https://access.redhat.com/errata/RHSA-2019:0231","https://access.redhat.com/errata/RHSA-2019:0232","https://access.redhat.com/errata/RHSA-2019:0457","https://bugzilla.redhat.com/show_bug.cgi?id=1665371","https://lists.debian.org/debian-lts-announce/2019/01/msg00026.html","https://security.gentoo.org/glsa/202007-30","https://usn.ubuntu.com/3870-1/","https://www.debian.org/security/2019/dsa-4375"],"published_time":"2019-02-04T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7310","summary":"In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness 
error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.003,"ranking_epss":0.53245,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106829","https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797","https://gitlab.freedesktop.org/poppler/poppler/issues/717","https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/","https://usn.ubuntu.com/3886-1/"],"published_time":"2019-02-03T03:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-7150","summary":"An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. 
A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00133,"ranking_epss":0.33052,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://access.redhat.com/errata/RHSA-2019:3575","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=24103","https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html","https://usn.ubuntu.com/4012-1/"],"published_time":"2019-01-29T00:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-3815","summary":"A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. 
This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.","cvss":3.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":3.3,"epss":0.00125,"ranking_epss":0.31895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106632","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0201","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815","https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html"],"published_time":"2019-01-28T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16881","summary":"A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. 
Versions before 8.27.0 are vulnerable.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.02616,"ranking_epss":0.85597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:2501","https://access.redhat.com/errata/RHSA-2019:2110","https://access.redhat.com/errata/RHSA-2019:2437","https://access.redhat.com/errata/RHSA-2019:2439","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881","https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html","https://access.redhat.com/errata/RHBA-2019:2501","https://access.redhat.com/errata/RHSA-2019:2110","https://access.redhat.com/errata/RHSA-2019:2437","https://access.redhat.com/errata/RHSA-2019:2439","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16881","https://lists.debian.org/debian-lts-announce/2022/05/msg00028.html"],"published_time":"2019-01-25T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15982","summary":"Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. 
Successful exploitation could lead to arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":7.8,"epss":0.93605,"ranking_epss":0.99834,"kev":true,"propose_action":"Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability","ransomware_campaign":"Known","references":["http://www.securityfocus.com/bid/106116","https://access.redhat.com/errata/RHSA-2018:3795","https://helpx.adobe.com/security/products/flash-player/apsb18-42.html","https://www.exploit-db.com/exploits/46051/","http://www.securityfocus.com/bid/106116","https://access.redhat.com/errata/RHSA-2018:3795","https://helpx.adobe.com/security/products/flash-player/apsb18-42.html","https://www.exploit-db.com/exploits/46051/","https://github.com/cisagov/vulnrichment/issues/195","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982"],"published_time":"2019-01-18T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5740","summary":"\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. 
Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.75021,"ranking_epss":0.98862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html","http://www.securityfocus.com/bid/105055","http://www.securitytracker.com/id/1041436","https://access.redhat.com/errata/RHSA-2018:2570","https://access.redhat.com/errata/RHSA-2018:2571","https://kb.isc.org/docs/aa-01639","https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html","https://security.gentoo.org/glsa/201903-13","https://security.netapp.com/advisory/ntap-20180926-0003/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us","https://usn.ubuntu.com/3769-1/","https://usn.ubuntu.com/3769-2/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html","http://www.securityfocus.com/bid/105055","http://www.securitytracker.com/id/1041436","https://access.redhat.com/errata/RHSA-2018:2570","https://access.redhat.com/errata/RHSA-2018:2571","https://kb.isc.org/docs/aa-01639","https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html","https://security.gentoo.org/glsa/201903-13","https://security.netapp.com/advisory/ntap-20180926-0003/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us","https://usn.ubuntu.com/3769-1/","https://usn.ubuntu.com/3769-2/"],"published_time":"2019-01-16T20:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3135","summary":"Under some conditions when using both 
DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"epss":0.34413,"ranking_epss":0.96972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0276.html","http://www.securityfocus.com/bid/96150","http://www.securitytracker.com/id/1037801","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","https://kb.isc.org/docs/aa-01453","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180926-0005/","https://www.debian.org/security/2017/dsa-3795","http://rhn.redhat.com/errata/RHSA-2017-0276.html","http://www.securityfocus.com/bid/96150","http://www.securitytracker.com/id/1037801","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","https://kb.isc.org/docs/aa-01453","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180926-0005/","https://www.debian.org/security/2017/dsa-3795"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3136","summary":"A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. 
Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.49378,"ranking_epss":0.97774,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","http://www.securityfocus.com/bid/97653","http://www.securitytracker.com/id/1038259","https://access.redhat.com/errata/RHSA-2017:1095","https://access.redhat.com/errata/RHSA-2017:1105","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","https://kb.isc.org/docs/aa-01465","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180802-0002/","https://www.debian.org/security/2017/dsa-3854","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html","http://www.securityfocus.com/bid/97653","http://www.securitytracker.com/id/1038259","https://access.redhat.com/errata/RHSA-2017:1095","https://access.redhat.com/errata/RHSA-2017:1105","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us","https://kb.isc.org/docs/aa-01465","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180802-0002/","https://www.debian.org/security/2017/dsa-3854"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3137","summary":"Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an 
unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.28496,"ranking_epss":0.96506,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97651","http://www.securitytracker.com/id/1038258","http://www.securitytracker.com/id/1040195","https://access.redhat.com/errata/RHSA-2017:1095","https://access.redhat.com/errata/RHSA-2017:1105","https://access.redhat.com/errata/RHSA-2017:1582","https://access.redhat.com/errata/RHSA-2017:1583","https://kb.isc.org/docs/aa-01466","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180802-0002/","https://www.debian.org/security/2017/dsa-3854","http://www.securityfocus.com/bid/97651","http://www.securitytracker.com/id/1038258","http://www.securitytracker.com/id/1040195","https://access.redhat.com/errata/RHSA-2017:1095","https://access.redhat.com/errata/RHSA-2017:1105","https://access.redhat.com/errata/RHSA-2017:1582","https://access.redhat.com/errata/RHSA-2017:1583","https://kb.isc.org/docs/aa-01466","https://security.gentoo.org/glsa/201708-01","https://security.netapp.com/advisory/ntap-20180802-0002/","https://www.debian.org/security/2017/dsa-3854"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3142","summary":"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. 
Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.04951,"ranking_epss":0.89622,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99339","http://www.securitytracker.com/id/1038809","https://access.redhat.com/errata/RHSA-2017:1679","https://access.redhat.com/errata/RHSA-2017:1680","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","https://kb.isc.org/docs/aa-01504","https://security.netapp.com/advisory/ntap-20190830-0003/","https://www.debian.org/security/2017/dsa-3904","http://www.securityfocus.com/bid/99339","http://www.securitytracker.com/id/1038809","https://access.redhat.com/errata/RHSA-2017:1679","https://access.redhat.com/errata/RHSA-2017:1680","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","https://kb.isc.org/docs/aa-01504","https://security.netapp.com/advisory/ntap-20190830-0003/","https://www.debian.org/security/2017/dsa-3904"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3143","summary":"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. 
Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.5,"epss":0.26927,"ranking_epss":0.96339,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99337","http://www.securitytracker.com/id/1038809","https://access.redhat.com/errata/RHSA-2017:1679","https://access.redhat.com/errata/RHSA-2017:1680","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","https://kb.isc.org/docs/aa-01503","https://security.netapp.com/advisory/ntap-20190830-0003/","https://www.debian.org/security/2017/dsa-3904","http://www.securityfocus.com/bid/99337","http://www.securitytracker.com/id/1038809","https://access.redhat.com/errata/RHSA-2017:1679","https://access.redhat.com/errata/RHSA-2017:1680","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","https://kb.isc.org/docs/aa-01503","https://security.netapp.com/advisory/ntap-20190830-0003/","https://www.debian.org/security/2017/dsa-3904"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3144","summary":"A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). 
Releases prior to 4.1.0 have not been tested.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.17594,"ranking_epss":0.9507,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102726","http://www.securitytracker.com/id/1040194","https://access.redhat.com/errata/RHSA-2018:0158","https://kb.isc.org/docs/aa-01541","https://usn.ubuntu.com/3586-1/","https://www.debian.org/security/2018/dsa-4133","http://www.securityfocus.com/bid/102726","http://www.securitytracker.com/id/1040194","https://access.redhat.com/errata/RHSA-2018:0158","https://kb.isc.org/docs/aa-01541","https://usn.ubuntu.com/3586-1/","https://www.debian.org/security/2018/dsa-4133"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3145","summary":"BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. 
Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0799,"ranking_epss":0.92063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102716","http://www.securitytracker.com/id/1040195","https://access.redhat.com/errata/RHSA-2018:0101","https://access.redhat.com/errata/RHSA-2018:0102","https://access.redhat.com/errata/RHSA-2018:0487","https://access.redhat.com/errata/RHSA-2018:0488","https://kb.isc.org/docs/aa-01542","https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html","https://security.netapp.com/advisory/ntap-20180117-0003/","https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named","https://www.debian.org/security/2018/dsa-4089","http://www.securityfocus.com/bid/102716","http://www.securitytracker.com/id/1040195","https://access.redhat.com/errata/RHSA-2018:0101","https://access.redhat.com/errata/RHSA-2018:0102","https://access.redhat.com/errata/RHSA-2018:0487","https://access.redhat.com/errata/RHSA-2018:0488","https://kb.isc.org/docs/aa-01542","https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html","https://security.netapp.com/advisory/ntap-20180117-0003/","https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named","https://www.debian.org/security/2018/dsa-4089"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5733","summary":"A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. 
Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.","cvss":5.9,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.9,"epss":0.11316,"ranking_epss":0.93513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103188","http://www.securitytracker.com/id/1040437","https://access.redhat.com/errata/RHSA-2018:0469","https://access.redhat.com/errata/RHSA-2018:0483","https://kb.isc.org/docs/aa-01567","https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html","https://usn.ubuntu.com/3586-1/","https://usn.ubuntu.com/3586-2/","https://www.debian.org/security/2018/dsa-4133","http://www.securityfocus.com/bid/103188","http://www.securitytracker.com/id/1040437","https://access.redhat.com/errata/RHSA-2018:0469","https://access.redhat.com/errata/RHSA-2018:0483","https://kb.isc.org/docs/aa-01567","https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html","https://security.netapp.com/advisory/ntap-20250425-0010/","https://usn.ubuntu.com/3586-1/","https://usn.ubuntu.com/3586-2/","https://www.debian.org/security/2018/dsa-4133"],"published_time":"2019-01-16T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2529","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00205,"ranking_epss":0.42674,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106619","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106619","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://lists.debian.org/debian-lts-announce/2019/02/msg00000.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/"],"published_time":"2019-01-16T19:30:35","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2503","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).","cvss":6.4,"cvss_version":3.0,"cvss_v2":3.8,"cvss_v3":6.4,"epss":0.00154,"ranking_epss":0.36198,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106626","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106626","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/"],"published_time":"2019-01-16T19:30:34","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2449","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"epss":0.02418,"ranking_epss":0.85065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106597","https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://security.netapp.com/advisory/ntap-20190118-0001/","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106597","https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://security.netapp.com/advisory/ntap-20190118-0001/"],"published_time":"2019-01-16T19:30:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2455","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00175,"ranking_epss":0.39058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106628","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106628","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2484","https://access.redhat.com/errata/RHSA-2019:2511","https://security.netapp.com/advisory/ntap-20190118-0002/","https://usn.ubuntu.com/3867-1/"],"published_time":"2019-01-16T19:30:32","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-2422","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"epss":0.00326,"ranking_epss":0.55597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106596","https://access.redhat.com/errata/RHSA-2019:0416","https://access.redhat.com/errata/RHSA-2019:0435","https://access.redhat.com/errata/RHSA-2019:0436","https://access.redhat.com/errata/RHSA-2019:0462","https://access.redhat.com/errata/RHSA-2019:0464","https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0473","https://access.redhat.com/errata/RHSA-2019:0474","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://lists.debian.org/debian-lts-announce/2019/03/msg00033.html","https://seclists.org/bugtraq/2019/Mar/27","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20190118-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us","https://usn.ubuntu.com/3875-1/","https://usn.ubuntu.com/3942-1/
","https://usn.ubuntu.com/3949-1/","https://www.debian.org/security/2019/dsa-4410","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/106596","https://access.redhat.com/errata/RHSA-2019:0416","https://access.redhat.com/errata/RHSA-2019:0435","https://access.redhat.com/errata/RHSA-2019:0436","https://access.redhat.com/errata/RHSA-2019:0462","https://access.redhat.com/errata/RHSA-2019:0464","https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0473","https://access.redhat.com/errata/RHSA-2019:0474","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://lists.debian.org/debian-lts-announce/2019/03/msg00033.html","https://seclists.org/bugtraq/2019/Mar/27","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20190118-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us","https://usn.ubuntu.com/3875-1/","https://usn.ubuntu.com/3942-1/","https://usn.ubuntu.com/3949-1/","https://www.debian.org/security/2019/dsa-4410"],"published_time":"2019-01-16T19:30:31","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14662","summary":"It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk 
encryption.","cvss":3.5,"cvss_version":3.0,"cvss_v2":2.7,"cvss_v3":3.5,"epss":0.00062,"ranking_epss":0.19482,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","https://access.redhat.com/errata/RHSA-2019:2538","https://access.redhat.com/errata/RHSA-2019:2541","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662","https://ceph.com/releases/13-2-4-mimic-released","https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://usn.ubuntu.com/4035-1/","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","https://access.redhat.com/errata/RHSA-2019:2538","https://access.redhat.com/errata/RHSA-2019:2541","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14662","https://ceph.com/releases/13-2-4-mimic-released","https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://usn.ubuntu.com/4035-1/"],"published_time":"2019-01-15T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16846","summary":"It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket 
indices.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.04603,"ranking_epss":0.89217,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","https://access.redhat.com/errata/RHSA-2019:2538","https://access.redhat.com/errata/RHSA-2019:2541","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846","https://ceph.com/releases/13-2-4-mimic-released/","https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://usn.ubuntu.com/4035-1/","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","https://access.redhat.com/errata/RHSA-2019:2538","https://access.redhat.com/errata/RHSA-2019:2541","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846","https://ceph.com/releases/13-2-4-mimic-released/","https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html","https://lists.debian.org/debian-lts-announce/2021/08/msg00013.html","https://usn.ubuntu.com/4035-1/"],"published_time":"2019-01-15T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16886","summary":"etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. 
If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.","cvss":6.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.8,"epss":0.00757,"ranking_epss":0.7323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106540","https://access.redhat.com/errata/RHSA-2019:0237","https://access.redhat.com/errata/RHSA-2019:1352","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886","https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication","https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/","http://www.securityfocus.com/bid/106540","https://access.redhat.com/errata/RHSA-2019:0237","https://access.redhat.com/errata/RHSA-2019:1352","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16886","https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.2.md#security-authentication","https://github.com/etcd-io/etcd/blob/1eee465a43720d713bb69f7b7f5e120135fdb1ac/CHANGELOG-3.3.md#security-authentication","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/"],"published_time":"2019-01-14T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-20699","summary":"Docker Engine before 18.09 allows 
attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"epss":0.00076,"ranking_epss":0.23001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0487","https://github.com/docker/engine/pull/70","https://github.com/moby/moby/pull/37967","https://access.redhat.com/errata/RHSA-2019:0487","https://github.com/docker/engine/pull/70","https://github.com/moby/moby/pull/37967"],"published_time":"2019-01-12T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16865","summary":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. 
Versions through v240 are vulnerable.","cvss":7.5,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.5,"epss":0.01222,"ranking_epss":0.79069,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html","http://seclists.org/fulldisclosure/2019/May/21","http://www.openwall.com/lists/oss-security/2019/05/10/4","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/106525","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0049","https://access.redhat.com/errata/RHSA-2019:0204","https://access.redhat.com/errata/RHSA-2019:0271","https://access.redhat.com/errata/RHSA-2019:0342","https://access.redhat.com/errata/RHSA-2019:0361","https://access.redhat.com/errata/RHSA-2019:2402","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865","https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html","https://seclists.org/bugtraq/2019/May/25","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.qualys.com/2019/01/09/system-down/system-down.txt","http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html","http://seclists.org/fulldisclosure/2019/May/21","http://www.openwall.com/lists/oss-security/2019/05/10/4","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/106525","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0049","https://access.redhat.com/errata/RHSA-2019:0204","https://access.redhat.com/errata/RHSA-2019:0271","https://access.redhat.com/errata/RHSA-2019:0342","https://access.redhat.com/errata/RHSA-2019:0361","https://access.redhat.com/errata/RHSA-2019:2
402","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16865","https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html","https://seclists.org/bugtraq/2019/May/25","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.qualys.com/2019/01/09/system-down/system-down.txt"],"published_time":"2019-01-11T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16864","summary":"An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.4,"epss":0.00146,"ranking_epss":0.35051,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/106523","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0049","https://access.redhat.com/errata/RHSA-2019:0204","https://access.redhat.com/errata/RHSA-2019:0271","https://access.redhat.com/errata/RHSA-2019:0342","https://access.redhat.com/errata/RHSA-2019:0361","https://access.redhat.com/errata/RHSA-2019:2402","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864","https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.qualys.com
/2019/01/09/system-down/system-down.txt","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/106523","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0049","https://access.redhat.com/errata/RHSA-2019:0204","https://access.redhat.com/errata/RHSA-2019:0271","https://access.redhat.com/errata/RHSA-2019:0342","https://access.redhat.com/errata/RHSA-2019:0361","https://access.redhat.com/errata/RHSA-2019:2402","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16864","https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.qualys.com/2019/01/09/system-down/system-down.txt"],"published_time":"2019-01-11T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16866","summary":"An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. 
Versions from v221 to v239 are vulnerable.","cvss":4.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":4.3,"epss":0.00061,"ranking_epss":0.19135,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html","http://seclists.org/fulldisclosure/2019/May/21","http://www.openwall.com/lists/oss-security/2019/05/10/4","http://www.securityfocus.com/bid/106527","https://access.redhat.com/errata/RHSA-2019:2091","https://access.redhat.com/errata/RHSA-2019:3222","https://access.redhat.com/errata/RHSA-2020:0593","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866","https://seclists.org/bugtraq/2019/May/25","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.qualys.com/2019/01/09/system-down/system-down.txt","http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html","http://seclists.org/fulldisclosure/2019/May/21","http://www.openwall.com/lists/oss-security/2019/05/10/4","http://www.securityfocus.com/bid/106527","https://access.redhat.com/errata/RHSA-2019:2091","https://access.redhat.com/errata/RHSA-2019:3222","https://access.redhat.com/errata/RHSA-2020:0593","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866","https://seclists.org/bugtraq/2019/May/25","https://security.gentoo.org/glsa/201903-07","https://security.netapp.com/advisory/ntap-20190117-0001/","https://usn.ubuntu.com/3855-1/","https://www.debian.org/security/2019/dsa-4367","https://www.qualys.com/2019/01/09/system-down/system-down.txt"],"published_time":"2019-01-11T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2019-6133","summary":"In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly 
cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.","cvss":6.7,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":6.7,"epss":0.00025,"ranking_epss":0.06911,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html","http://www.securityfocus.com/bid/106537","https://access.redhat.com/errata/RHSA-2019:0230","https://access.redhat.com/errata/RHSA-2019:0420","https://access.redhat.com/errata/RHSA-2019:0832","https://access.redhat.com/errata/RHSA-2019:2699","https://access.redhat.com/errata/RHSA-2019:2978","https://bugs.chromium.org/p/project-zero/issues/detail?id=1692","https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf","https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81","https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19","https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://support.f5.com/csp/article/K22715344","https://usn.ubuntu.com/3901-1/","https://usn.ubuntu.com/3901-2/","https://usn.ubuntu.com/3903-1/","https://usn.ubuntu.com/3903-2/","https://usn.ubuntu.com/3908-1/","https://usn.ubuntu.com/3908-2/","https://usn.ubuntu.com/3910-1/","https://usn.ubuntu.com/3910-2/","https://usn.ubuntu.com/3934-1/","https://usn.ubuntu.com/3934-2/","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html","http://www.securityfocus.com/bid/106537","https://access.redhat.com/errata/RHSA-2019:0230","https://access.redhat.com/errata/RHSA-2019:0420","https://access.redhat.com/errata/RHSA-2019:0832","https://access.redhat.com/errata/RHSA-2019:2699","https://access.redhat.com/errata/RHSA-2019:2978","https://bugs.chromium.org/p/project-zero/issues/detail?id=1692","https://git.kernel.org/linus/7b5585136713
6b1efd84d98fea81ba57a98304cf","https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81","https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19","https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html","https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html","https://support.f5.com/csp/article/K22715344","https://usn.ubuntu.com/3901-1/","https://usn.ubuntu.com/3901-2/","https://usn.ubuntu.com/3903-1/","https://usn.ubuntu.com/3903-2/","https://usn.ubuntu.com/3908-1/","https://usn.ubuntu.com/3908-2/","https://usn.ubuntu.com/3910-1/","https://usn.ubuntu.com/3910-2/","https://usn.ubuntu.com/3934-1/","https://usn.ubuntu.com/3934-2/"],"published_time":"2019-01-11T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6174","summary":"Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01904,"ranking_epss":0.83204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/835299","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/835299","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6175","summary":"Incorrect handling of confusable characters in URL 
Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/826019","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/826019","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6178","summary":"Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome 
Extension.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00469,"ranking_epss":0.64517,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/823194","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/823194","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6179","summary":"Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00531,"ranking_epss":0.67226,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/816685","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/816685","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6144","summary":"Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01313,"ranking_epss":0.79791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/828049","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/828049","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6147","summary":"Lack of secure text entry mode in Browser 
UI in Google Chrome on Mac prior to 67.0.3396.62 allowed a local attacker to obtain potentially sensitive information from process memory via a local process.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00047,"ranking_epss":0.14626,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/818133","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/818133","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6151","summary":"Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome 
Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00637,"ranking_epss":0.70433,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805905","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805905","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6153","summary":"A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/850350","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/850350","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6158","summary":"A race 
condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"epss":0.01298,"ranking_epss":0.7968,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/841280","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/841280","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6162","summary":"Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0152,"ranking_epss":0.81204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/804123","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/804123","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6163","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/849398","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/849398","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6164","summary":"Insufficient 
origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00542,"ranking_epss":0.67664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/848786","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/848786","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6165","summary":"Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/847718","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/847718","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6166","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/835554","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/835554","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6167","summary":"Incorrect 
handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/833143","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/833143","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6169","summary":"Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00774,"ranking_epss":0.73545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/394518","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/394518","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6170","summary":"A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/862059","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/862059","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6172","summary":"Incorrect handling of confusable characters in URL Formatter 
in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/847242","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/847242","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6173","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/836885","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/836885","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2019-01-09T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6117","summary":"Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/822465","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/822465","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6120","summary":"An integer overflow that 
could lead to an attacker-controlled heap out-of-bounds write in PDFium in Google Chrome prior to 66.0.3359.170 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02399,"ranking_epss":0.85005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104143","https://access.redhat.com/errata/RHSA-2018:1446","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html","https://crbug.com/833721","https://security.gentoo.org/glsa/201805-06","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104143","https://access.redhat.com/errata/RHSA-2018:1446","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop.html","https://crbug.com/833721","https://security.gentoo.org/glsa/201805-06","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6123","summary":"A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01818,"ranking_epss":0.82818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/835639","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/835639","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6124","summary":"Type confusion in ReadableStreams in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01313,"ranking_epss":0.79791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/840320","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/840320","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6126","summary":"A precision error in Skia 
in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.45608,"ranking_epss":0.976,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securityfocus.com/bid/104411","http://www.securitytracker.com/id/1041014","http://www.securitytracker.com/id/1041046","https://access.redhat.com/errata/RHSA-2018:1815","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/844457","https://security.gentoo.org/glsa/201810-01","https://www.debian.org/security/2018/dsa-4220","https://www.debian.org/security/2018/dsa-4237","https://www.exploit-db.com/exploits/45098/","http://www.securityfocus.com/bid/104309","http://www.securityfocus.com/bid/104411","http://www.securitytracker.com/id/1041014","http://www.securitytracker.com/id/1041046","https://access.redhat.com/errata/RHSA-2018:1815","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/844457","https://security.gentoo.org/glsa/201810-01","https://www.debian.org/security/2018/dsa-4220","https://www.debian.org/security/2018/dsa-4237","https://www.exploit-db.com/exploits/45098/"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6127","summary":"Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML 
page.","cvss":9.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.6,"epss":0.01313,"ranking_epss":0.79791,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/842990","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/842990","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6133","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0079,"ranking_epss":0.73836,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/817247","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/817247","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6135","summary":"Lack of clearing the previous site before loading alerts from a new one in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0079,"ranking_epss":0.73836,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/823353","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/823353","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6137","summary":"CSS 
Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00639,"ranking_epss":0.70468,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/835589","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/835589","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6139","summary":"Insufficient target checks on the chrome.debugger API in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome 
Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0076,"ranking_epss":0.73306,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/805224","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/805224","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6140","summary":"Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome 
Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.01184,"ranking_epss":0.78749,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/798222","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/798222","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6141","summary":"Insufficient validation of an image filter in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00971,"ranking_epss":0.76591,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/796107","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/796107","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6143","summary":"Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01099,"ranking_epss":0.77992,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/843022","https://www.debian.org/security/2018/dsa-4237","http://www.securityfocus.com/bid/104309","http://www.securitytracker.com/id/1041014","https://access.redhat.com/errata/RHSA-2018:1815","https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html","https://crbug.com/843022","https://www.debian.org/security/2018/dsa-4237"],"published_time":"2019-01-09T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6109","summary":"readAsText() can indefinitely read the 
file picked by the user, rather than only once at the time the file is picked in File API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to access data on the user file system without explicit consent via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00797,"ranking_epss":0.7396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/710190","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/710190","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6110","summary":"Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML 
page.","cvss":5.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":5.4,"epss":0.00909,"ranking_epss":0.75741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/777737","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/777737","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6111","summary":"An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00682,"ranking_epss":0.71587,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/780694","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/780694","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6112","summary":"Making URLs clickable and 
allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01187,"ranking_epss":0.7877,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/798096","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/798096","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6113","summary":"Improper handling of pending navigation entries in Navigation in Google Chrome on iOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805900","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805900","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6114","summary":"Incorrect enforcement of CSP for <object> tags in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass content security policy via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00625,"ranking_epss":0.70118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/811691","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/811691","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6106","summary":"An asynchronous generator may 
return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805729","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805729","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6096","summary":"A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/776418","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/776418","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6097","summary":"Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/806162","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/806162","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6100","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/811117","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/811117","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6091","summary":"Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01102,"ranking_epss":0.78028,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/771933","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/771933","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6093","summary":"Insufficient origin checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/780435","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103917","https://access.redhat.com/errata/RHSA-2018:1195","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/780435","https://security.gentoo.org/glsa/201804-22","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6056","summary":"Type confusion could lead to a heap out-of-bounds write 
in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.06916,"ranking_epss":0.91364,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103003","https://access.redhat.com/errata/RHSA-2018:0334","https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html","https://crbug.com/806388","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103003","https://access.redhat.com/errata/RHSA-2018:0334","https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html","https://crbug.com/806388","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2019-01-09T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6084","summary":"Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00123,"ranking_epss":0.31601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103468","http://www.securityfocus.com/bid/103917","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/822424","https://www.exploit-db.com/exploits/44307/","http://www.securityfocus.com/bid/103468","http://www.securityfocus.com/bid/103917","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/822424","https://www.exploit-db.com/exploits/44307/"],"published_time":"2019-01-09T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16078","summary":"Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 
allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00446,"ranking_epss":0.63428,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/858820","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/858820","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16079","summary":"A race condition between permission prompts and navigations in Prompts in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.","cvss":5.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":5.3,"epss":0.00264,"ranking_epss":0.49856,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/723503","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/723503","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16081","summary":"Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google 
Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension.","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.4,"epss":0.00205,"ranking_epss":0.42633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/666299","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/666299","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16082","summary":"An out of bounds read in Swiftshader in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00481,"ranking_epss":0.65106,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/851398","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/851398","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16083","summary":"An out of bounds 
read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.19029,"ranking_epss":0.95303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/856823","https://security.gentoo.org/glsa/201811-10","https://www.exploit-db.com/exploits/45444/","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/856823","https://security.gentoo.org/glsa/201811-10","https://www.exploit-db.com/exploits/45444/"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16084","summary":"The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML 
page.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00321,"ranking_epss":0.55127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/865202","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/865202","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16088","summary":"A missing check for JS-simulated input events in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to download arbitrary files with no user input via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00405,"ranking_epss":0.61002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/848531","https://security.gentoo.org/glsa/201811-10","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/848531","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17458","summary":"An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01152,"ranking_epss":0.78471,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2818","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html","https://crbug.com/875322","https://access.redhat.com/errata/RHSA-2018:2818","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html","https://crbug.com/875322"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17459","summary":"Incorrect handling of clicks in the omnibox in Navigation in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00254,"ranking_epss":0.48707,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2818","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html","https://crbug.com/880759","https://access.redhat.com/errata/RHSA-2018:2818","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html","https://crbug.com/880759"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17461","summary":"An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00377,"ranking_epss":0.5927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/874359","https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html","https://crbug.com/874359"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17470","summary":"A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.4,"epss":0.01511,"ranking_epss":0.81156,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/877874","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/877874","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2019-01-09T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16065","summary":"A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02399,"ranking_epss":0.85005,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/867776","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/867776","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16066","summary":"A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01413,"ranking_epss":0.80498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/847570","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/847570","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16067","summary":"A use after free in WebAudio in Google Chrome prior 
to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01303,"ranking_epss":0.79719,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/860522","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/860522","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16068","summary":"Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML 
page.","cvss":9.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.6,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/877182","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/877182","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4289"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16071","summary":"A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.19029,"ranking_epss":0.95303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/855211","https://security.gentoo.org/glsa/201811-10","https://www.exploit-db.com/exploits/45443/","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/855211","https://security.gentoo.org/glsa/201811-10","https://www.exploit-db.com/exploits/45443/"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16076","summary":"Missing bounds check in PDFium in Google Chrome prior to 
69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00331,"ranking_epss":0.56027,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/867501","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105215","https://access.redhat.com/errata/RHSA-2018:2666","https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html","https://crbug.com/867501","https://security.gentoo.org/glsa/201811-10"],"published_time":"2019-01-09T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9651","summary":"A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.52739,"ranking_epss":0.97929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2919.html","http://www.securityfocus.com/bid/94633","https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","https://crbug.com/664411","https://security.gentoo.org/glsa/201612-11","https://www.exploit-db.com/exploits/42175/","http://rhn.redhat.com/errata/RHSA-2016-2919.html","http://www.securityfocus.com/bid/94633","https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","https://crbug.com/664411","https://security.gentoo.org/glsa/201612-11","https://www.exploit-db.com/exploits/42175/"],"published_time":"2019-01-09T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16885","summary":"A flaw 
was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.7,"epss":0.00064,"ranking_epss":0.20094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106296","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885","http://www.securityfocus.com/bid/106296","https://access.redhat.com/errata/RHSA-2019:2029","https://access.redhat.com/errata/RHSA-2019:2043","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16885"],"published_time":"2019-01-03T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16876","summary":"ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible 
data.","cvss":3.1,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":3.1,"epss":0.00638,"ranking_epss":0.70454,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","http://www.securityfocus.com/bid/106225","https://access.redhat.com/errata/RHSA-2018:3835","https://access.redhat.com/errata/RHSA-2018:3836","https://access.redhat.com/errata/RHSA-2018:3837","https://access.redhat.com/errata/RHSA-2018:3838","https://access.redhat.com/errata/RHSA-2019:0564","https://access.redhat.com/errata/RHSA-2019:0590","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876","https://github.com/ansible/ansible/pull/49569","https://usn.ubuntu.com/4072-1/","https://www.debian.org/security/2019/dsa-4396","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html","http://www.securityfocus.com/bid/106225","https://access.redhat.com/errata/RHSA-2018:3835","https://access.redhat.com/errata/RHSA-2018:3836","https://access.redhat.com/errata/RHSA-2018:3837","https://access.redhat.com/errata/RHSA-2018:3838","https://access.redhat.com/errata/RHSA-2019:0564","https://access.redhat.com/errata/RHSA-2019:0590","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876","https://github.com/ansible/ansible/pull/49569","https://usn.ubuntu.com/4072-1/","https://www.debian.org/security/2019/dsa-4396"],"published_time":"2019-01-03T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-20662","summary":"In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value 
from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0059,"ranking_epss":0.69152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f","https://gitlab.freedesktop.org/poppler/poppler/issues/706","https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/","https://usn.ubuntu.com/4042-1/","https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/commit/9fd5ec0e6e5f763b190f2a55ceb5427cfe851d5f","https://gitlab.freedesktop.org/poppler/poppler/issues/706","https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproj
ect.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/","https://usn.ubuntu.com/4042-1/"],"published_time":"2019-01-03T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-20650","summary":"A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00355,"ranking_epss":0.5779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106459","https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7","https://gitlab.freedesktop.org/poppler/poppler/issues/704","https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/3865-1/","http://www.securityfocus.com/bid/106459","https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7","https://gitlab.freedesktop.org/poppler/poppler/issues/704","https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/3865-1/"],"published_time":"2019-01-01T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19134","summary":"In Artifex Ghostscript through 9.25, the setpattern 
operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.0131,"ranking_epss":0.79763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf","http://www.securityfocus.com/bid/106278","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=700141","https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://www.ghostscript.com/doc/9.26/News.htm","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=693baf02152119af6e6afd30bb8ec76d14f84bbf","http://www.securityfocus.com/bid/106278","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=700141","https://lists.debian.org/debian-lts-announce/2018/12/msg00019.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://www.ghostscript.com/doc/9.26/News.htm"],"published_time":"2018-12-20T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000876","summary":"binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00133,"ranking_epss":0.32998,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106304","https://access.redhat.com/errata/RHSA-2019:2075","https://sourceware.org/bugzilla/show_bug.cgi?id=23994","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f","https://usn.ubuntu.com/4336-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/106304","https://access.redhat.com/errata/RHSA-2019:2075","https://sourceware.org/bugzilla/show_bug.cgi?id=23994","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=3a551c7a1b80fca579461774860574eabfd7f18f","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-12-20T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000877","summary":"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. 
This attack appear to be exploitable via the victim must open a specially crafted RAR archive.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01775,"ranking_epss":0.8263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","http://www.securityfocus.com/bid/106324","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31","https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3859-1/","https://www.debian.org/security/2018/dsa-4360","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","http://www.securityfocus.com/bid/106324","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1
daa31","https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3859-1/","https://www.debian.org/security/2018/dsa-4360"],"published_time":"2018-12-20T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000878","summary":"libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR 
archive.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0171,"ranking_epss":0.82285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","http://www.securityfocus.com/bid/106324","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28","https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3859-1/","https://www.debian.org/security/2018/dsa-4360","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html","http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html","http://www.securityfocus.com/bid/106324","https://access.redhat.com/errata/RHSA-2019:2298","https://access.redhat.com/errata/RHSA-2019:3698","https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909","https://github.com/libarchive/libarchive/pull/1105","https://github.com/libarchive/libarchive/pull/1105/commits/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28","https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html","https://l
ists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/","https://usn.ubuntu.com/3859-1/","https://www.debian.org/security/2018/dsa-4360"],"published_time":"2018-12-20T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15127","summary":"LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.15138,"ranking_epss":0.94568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0059","https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/","https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://usn.ubuntu.com/3877-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4587-1/","https://www.debian.org/security/2019/dsa-4383","https://access.redhat.com/errata/RHSA-2019:0059","https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/","https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://usn.ubuntu.com/3877-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4587-1/","https://www.debian.org/security/2019/dsa-4383"],"published_time":"2018-12-19T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19039","summary":"Grafana before 
4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.09218,"ranking_epss":0.92693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html","http://www.securityfocus.com/bid/105994","https://access.redhat.com/errata/RHSA-2019:0747","https://access.redhat.com/errata/RHSA-2019:0911","https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961","https://security.netapp.com/advisory/ntap-20190416-0004/","https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/","http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html","http://www.securityfocus.com/bid/105994","https://access.redhat.com/errata/RHSA-2019:0747","https://access.redhat.com/errata/RHSA-2019:0911","https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961","https://security.netapp.com/advisory/ntap-20190416-0004/","https://www.percona.com/blog/2018/11/20/how-cve-2018-19039-affects-percona-monitoring-and-management/"],"published_time":"2018-12-13T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18397","summary":"The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and 
mm/userfaultfd.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00067,"ranking_epss":0.20985,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0163","https://access.redhat.com/errata/RHSA-2019:0202","https://access.redhat.com/errata/RHSA-2019:0324","https://access.redhat.com/errata/RHSA-2019:0831","https://bugs.chromium.org/p/project-zero/issues/detail?id=1700","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7","https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1","https://usn.ubuntu.com/3901-1/","https://usn.ubuntu.com/3901-2/","https://usn.ubuntu.com/3903-1/","https://usn.ubuntu.com/3903-2/","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0163","https://access.redhat.com/errata/RHSA-2019:0202","https://access.redhat.com/errata/RHSA-2019:0324","https://access.redhat.com/errata/RHSA-2019:0831","https://bugs.chromium.org/p/project-zero/issues/detail?id=1700","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7","https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1","https://usn.ubuntu.com/3901-1/","https://usn.ubuntu.com/3901-2/","https://usn.ubuntu.com/3903-1/","https://usn.ubuntu.com/3903-2/"],"published_time":"2018-12-12T10:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-20097","summary":"There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. 
A crafted input will lead to a remote denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02356,"ranking_epss":0.84862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/590","https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/590","https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/"],"published_time":"2018-12-12T10:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18357","summary":"Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/895207","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/895207","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18358","summary":"Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.","cvss":5.7,"cvss_version":3.0,"cvss_v2":2.9,"cvss_v3":5.7,"epss":0.00112,"ranking_epss":0.29754,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/899126","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/899126","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18342","summary":"Execution of 
user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01886,"ranking_epss":0.83123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/906313","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/906313","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18344","summary":"Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0096,"ranking_epss":0.76429,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/866426","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/866426","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18345","summary":"Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0072,"ranking_epss":0.7243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/886976","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/886976","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18348","summary":"Incorrect handling of bidirectional domain names with RTL characters in Omnibox in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain 
name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/881659","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/881659","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18349","summary":"Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00511,"ranking_epss":0.66391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/894399","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/894399","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18350","summary":"Incorrect handling of CSP enforcement during navigations in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00625,"ranking_epss":0.70118,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/799747","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/799747","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18351","summary":"Lack of 
proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0072,"ranking_epss":0.7243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/833847","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/833847","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18352","summary":"Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00738,"ranking_epss":0.728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/849942","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/849942","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18353","summary":"Failure to dismiss http auth dialogs on navigation in Network Authentication in Google Chrome on Android prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of an auto dialog via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01221,"ranking_epss":0.79057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/884179","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/884179","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18354","summary":"Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/889459","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/889459","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18355","summary":"Incorrect 
handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/896717","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/896717","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18356","summary":"An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02565,"ranking_epss":0.85473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://access.redhat.com/errata/RHSA-2019:0373","https://access.redhat.com/errata/RHSA-2019:0374","https://access.redhat.com/errata/RHSA-2019:1144","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/883666","https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html","https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","https://security.gentoo.org/glsa/201903-04","https://security.gentoo.org/glsa/201904-07","https://security.gentoo.org/glsa/201908-18","https://usn.ubuntu.com/3896-1/","https://usn.ubuntu.com/3897-1/","https://www.debian.org/security/2018/dsa-4352","https://www.debian.org/security/2019/dsa-4391","https://www.debian.org/security/2019/dsa-4392","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://access.redhat.com/errata/RHSA-2019:0373","https://access.redhat.com/errata/RHSA-2019:0374","https://access.redhat.com/errata/RHSA-2019:1144","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/883666","https://lists.debian.org/debian-lts-announce/2019/02/msg00023.html","https://lists.debian.org/debian-lts-announce/2019/02/msg00024.html","https://security.gentoo.org/glsa/201903-04","https://security.gentoo.org/glsa/201904-07","https://security.gentoo.org/glsa/201908-18","https://usn.ubuntu.com/3896-1/","https://usn.ubuntu.com/3897-1/","https://www.debian.org/security/2018/dsa-4352","https://www.debian.org/security/2019/dsa-4391","https://www.debian.org/security/2019/
dsa-4392"],"published_time":"2018-12-11T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17480","summary":"Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.26964,"ranking_epss":0.96342,"kev":true,"propose_action":"Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/905940","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/905940","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480"],"published_time":"2018-12-11T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18335","summary":"Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01594,"ranking_epss":0.81624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/895362","https://security.gentoo.org/glsa/201904-07","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html","http://www.securityfocus.com/bid/106084","https://access.redhat.com/errata/RHSA-2018:3803","https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html","https://crbug.com/895362","https://security.gentoo.org/glsa/201904-07","https://security.gentoo.org/glsa/201908-18","https://www.debian.org/security/2018/dsa-4352"],"published_time":"2018-12-11T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5800","summary":"An off-by-one error within the \"LibRaw::kodak_ycbcr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a 
crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01483,"ranking_epss":0.80966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104663","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/","http://www.securityfocus.com/bid/104663","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/"],"published_time":"2018-12-07T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5801","summary":"An error within the \"LibRaw::unpack()\" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer 
dereference.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01111,"ranking_epss":0.78116,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/0df5490b985c419de008d32168650bff17128914","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/"],"published_time":"2018-12-07T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5802","summary":"An error within the \"kodak_radc_load_raw()\" function (internal/dcraw_common.cpp) related to the \"buf\" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a 
crash.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00679,"ranking_epss":0.71518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4","https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","https://secuniaresearch.flexerasoftware.com/advisories/79000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-1/","https://usn.ubuntu.com/3615-1/"],"published_time":"2018-12-07T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5805","summary":"A boundary error within the \"quicktake_100_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a 
crash.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00502,"ranking_epss":0.66025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff","https://secuniaresearch.flexerasoftware.com/advisories/81000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff","https://secuniaresearch.flexerasoftware.com/advisories/81000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/"],"published_time":"2018-12-07T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5806","summary":"An error within the \"leaf_hdr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer 
dereference.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0039,"ranking_epss":0.60041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff","https://secuniaresearch.flexerasoftware.com/advisories/81000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/","https://access.redhat.com/errata/RHSA-2018:3065","https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt","https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff","https://secuniaresearch.flexerasoftware.com/advisories/81000/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/"],"published_time":"2018-12-07T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18311","summary":"Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write 
operations.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.11355,"ranking_epss":0.93528,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2019/Mar/49","http://www.securityfocus.com/bid/106145","http://www.securitytracker.com/id/1042181","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA-2019:0010","https://access.redhat.com/errata/RHSA-2019:0109","https://access.redhat.com/errata/RHSA-2019:1790","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://rt.perl.org/Ticket/Display.html?id=133204","https://seclists.org/bugtraq/2019/Mar/42","https://security.gentoo.org/glsa/201909-01","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://usn.ubuntu.com/3834-1/","https://usn.ubuntu.com/3834-2/","https://www.debian.org/security/2018/dsa-4347","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://seclists.org/fulldisclosure/2019/Mar/49","http://www.securityfocus.com/bid/106145","http://www.securitytracker.com/id/1042181","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0001","https://access.redhat.com/errata/RHSA
-2019:0010","https://access.redhat.com/errata/RHSA-2019:0109","https://access.redhat.com/errata/RHSA-2019:1790","https://access.redhat.com/errata/RHSA-2019:1942","https://access.redhat.com/errata/RHSA-2019:2400","https://bugzilla.redhat.com/show_bug.cgi?id=1646730","https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be","https://kc.mcafee.com/corporate/index?page=content&id=SB10278","https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/","https://metacpan.org/changes/release/SHAY/perl-5.26.3","https://metacpan.org/changes/release/SHAY/perl-5.28.1","https://rt.perl.org/Ticket/Display.html?id=133204","https://seclists.org/bugtraq/2019/Mar/42","https://security.gentoo.org/glsa/201909-01","https://security.netapp.com/advisory/ntap-20190221-0003/","https://support.apple.com/kb/HT209600","https://usn.ubuntu.com/3834-1/","https://usn.ubuntu.com/3834-2/","https://www.debian.org/security/2018/dsa-4347","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"],"published_time":"2018-12-07T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-9568","summary":"In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. 
References: Upstream kernel.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00461,"ranking_epss":0.64119,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0512","https://access.redhat.com/errata/RHSA-2019:0514","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:2736","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4056","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2019:4164","https://access.redhat.com/errata/RHSA-2019:4255","https://source.android.com/security/bulletin/2018-12-01","https://usn.ubuntu.com/3880-1/","https://usn.ubuntu.com/3880-2/","https://access.redhat.com/errata/RHSA-2019:0512","https://access.redhat.com/errata/RHSA-2019:0514","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:2736","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4056","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2019:4164","https://access.redhat.com/errata/RHSA-2019:4255","https://source.android.com/security/bulletin/2018-12-01","https://usn.ubuntu.com/3880-1/","https://usn.ubuntu.com/3880-2/"],"published_time":"2018-12-06T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6152","summary":"The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user 
interaction.","cvss":9.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.6,"epss":0.00864,"ranking_epss":0.75066,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805445","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","https://access.redhat.com/errata/RHSA-2018:2282","https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html","https://crbug.com/805445","https://security.gentoo.org/glsa/201808-01","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2018-12-04T17:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16863","summary":"It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. 
This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.","cvss":7.3,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.3,"epss":0.00083,"ranking_epss":0.24502,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486","https://access.redhat.com/errata/RHSA-2018:3761","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=520bb0ea7519","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486","https://access.redhat.com/errata/RHSA-2018:3761","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16863"],"published_time":"2018-12-03T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15978","summary":"Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.02064,"ranking_epss":0.83873,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105909","http://www.securitytracker.com/id/1042098","https://access.redhat.com/errata/RHSA-2018:3618","https://helpx.adobe.com/security/products/flash-player/apsb18-39.html","http://www.securityfocus.com/bid/105909","http://www.securitytracker.com/id/1042098","https://access.redhat.com/errata/RHSA-2018:3618","https://helpx.adobe.com/security/products/flash-player/apsb18-39.html"],"published_time":"2018-11-29T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15981","summary":"Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.24049,"ranking_epss":0.96019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105964","http://www.securitytracker.com/id/1042151","https://access.redhat.com/errata/RHSA-2018:3644","https://helpx.adobe.com/security/products/flash-player/apsb18-44.html","http://www.securityfocus.com/bid/105964","http://www.securitytracker.com/id/1042151","https://access.redhat.com/errata/RHSA-2018:3644","https://helpx.adobe.com/security/products/flash-player/apsb18-44.html"],"published_time":"2018-11-29T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8786","summary":"FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code 
execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.17754,"ranking_epss":0.95099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106938","https://access.redhat.com/errata/RHSA-2019:0697","https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3","https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/","https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/","https://usn.ubuntu.com/3845-1/","https://usn.ubuntu.com/3845-2/","http://www.securityfocus.com/bid/106938","https://access.redhat.com/errata/RHSA-2019:0697","https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3","https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX/","https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/","https://usn.ubuntu.com/3845-1/","https://usn.ubuntu.com/3845-2/"],"published_time":"2018-11-29T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8787","summary":"FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code 
execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.12733,"ranking_epss":0.93977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106938","https://access.redhat.com/errata/RHSA-2019:0697","https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a","https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html","https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/","https://usn.ubuntu.com/3845-1/","https://usn.ubuntu.com/3845-2/","http://www.securityfocus.com/bid/106938","https://access.redhat.com/errata/RHSA-2019:0697","https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a","https://lists.debian.org/debian-lts-announce/2019/02/msg00015.html","https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/","https://usn.ubuntu.com/3845-1/","https://usn.ubuntu.com/3845-2/"],"published_time":"2018-11-29T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12121","summary":"Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. 
Attack potential is mitigated by the use of a load balancer or other proxy layer.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.08466,"ranking_epss":0.92331,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","https://security.gentoo.org/glsa/202003-48","http://www.securityfocus.com/bid/106043","https://access.redhat.com/errata/RHSA-2019:1821","https://access.redhat.com/errata/RHSA-2019:2258","https://access.redhat.com/errata/RHSA-2019:3497","https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","https://security.gentoo.org/glsa/202003-48","https://security.netapp.com/advisory/ntap-20241227-0008/"],"published_time":"2018-11-28T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14646","summary":"The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. 
A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.0004,"ranking_epss":0.12387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3651","https://access.redhat.com/errata/RHSA-2018:3666","https://access.redhat.com/errata/RHSA-2018:3843","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee","https://marc.info/?l=linux-netdev&m=151500466401174&w=2","https://access.redhat.com/errata/RHSA-2018:3651","https://access.redhat.com/errata/RHSA-2018:3666","https://access.redhat.com/errata/RHSA-2018:3843","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee","https://marc.info/?l=linux-netdev&m=151500466401174&w=2"],"published_time":"2018-11-26T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19535","summary":"In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG 
file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00389,"ranking_epss":0.59942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/428","https://github.com/Exiv2/exiv2/pull/430","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/428","https://github.com/Exiv2/exiv2/pull/430","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/"],"published_time":"2018-11-26T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19475","summary":"psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the 
same.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.63587,"ranking_epss":0.98404,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700153","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3005fcb9bb160af199e761e03bc70a9f249a987e","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=aeea342904978c9fe17d85f4906a0f6fcce2d315","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700153","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"],"published_time":"2018-11-23T05:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19476","summary":"psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type 
confusion.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00823,"ranking_epss":0.7439,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700169","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=67d760ab775dae4efe803b5944b0439aa3c0b04a","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=434753adbe8be5534bfb9b7d91746023e8073d16","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700169","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"],"published_time":"2018-11-23T05:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19477","summary":"psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type 
confusion.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00823,"ranking_epss":0.7439,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700168","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=ef252e7dc214bcbd9a2539216aab9202848602bb","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=606a22e77e7f081781e99e44644cd0119f559e03","http://www.securityfocus.com/bid/106154","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=700168","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"],"published_time":"2018-11-23T05:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19409","summary":"An issue was discovered in Artifex Ghostscript before 9.26. 
LockSafetyParams is not checked correctly if another device is used.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.10203,"ranking_epss":0.93115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105990","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=700176","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26","http://www.securityfocus.com/bid/105990","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=700176","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=661e8d8fb8248c38d67958beda32f3a5876d0c3f","https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3831-1/","https://www.debian.org/security/2018/dsa-4346","https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"],"published_time":"2018-11-21T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5407","summary":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port 
contention'.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"epss":0.00643,"ranking_epss":0.7058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105897","https://access.redhat.com/errata/RHSA-2019:0483","https://access.redhat.com/errata/RHSA-2019:0651","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:2125","https://access.redhat.com/errata/RHSA-2019:3929","https://access.redhat.com/errata/RHSA-2019:3931","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://eprint.iacr.org/2018/1060.pdf","https://github.com/bbbrumley/portsmash","https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html","https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","https://security.gentoo.org/glsa/201903-10","https://security.netapp.com/advisory/ntap-20181126-0001/","https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3840-1/","https://www.debian.org/security/2018/dsa-4348","https://www.debian.org/security/2018/dsa-4355","https://www.exploit-db.com/exploits/45785/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.tenable.com/security/tns-2018-16","https://www.tenable.com/security/tns-2018-17","http://www.securityfocus.com/bid/105897","https://access.redhat.com/errata/RHSA-2019:0483","https://access.redhat.com/errata/RHSA-2019:0651","https://access.redhat.com/errata/RHSA-2019:0652","https://access.redhat.com/errata/RHSA-2019:2125","https://access.redhat.com/errata/RHSA-2019:
3929","https://access.redhat.com/errata/RHSA-2019:3931","https://access.redhat.com/errata/RHSA-2019:3932","https://access.redhat.com/errata/RHSA-2019:3933","https://access.redhat.com/errata/RHSA-2019:3935","https://eprint.iacr.org/2018/1060.pdf","https://github.com/bbbrumley/portsmash","https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html","https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/","https://security.gentoo.org/glsa/201903-10","https://security.netapp.com/advisory/ntap-20181126-0001/","https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3840-1/","https://www.debian.org/security/2018/dsa-4348","https://www.debian.org/security/2018/dsa-4355","https://www.exploit-db.com/exploits/45785/","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.tenable.com/security/tns-2018-16","https://www.tenable.com/security/tns-2018-17"],"published_time":"2018-11-15T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6082","summary":"Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML 
page.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.7,"epss":0.00659,"ranking_epss":0.71035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/767354","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/767354","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6083","summary":"Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00936,"ranking_epss":0.7613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/771709","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/771709","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6060","summary":"Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01524,"ranking_epss":0.81227,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/780919","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/780919","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6061","summary":"A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":7.5,"epss":0.00969,"ranking_epss":0.76571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/794091","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/794091","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6062","summary":"Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01095,"ranking_epss":0.77959,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/780104","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/780104","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6063","summary":"Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00936,"ranking_epss":0.7613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/792900","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/792900","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6064","summary":"Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap 
corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.21037,"ranking_epss":0.95619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/798644","https://www.debian.org/security/2018/dsa-4182","https://www.exploit-db.com/exploits/44394/","https://www.zerodayinitiative.com/advisories/ZDI-19-368/","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/798644","https://www.debian.org/security/2018/dsa-4182","https://www.exploit-db.com/exploits/44394/","https://www.zerodayinitiative.com/advisories/ZDI-19-368/"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6065","summary":"Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.88773,"ranking_epss":0.99509,"kev":true,"propose_action":"Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/808192","https://www.debian.org/security/2018/dsa-4182","https://www.exploit-db.com/exploits/44584/","https://www.zerodayinitiative.com/advisories/ZDI-19-367/","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/808192","https://www.debian.org/security/2018/dsa-4182","https://www.exploit-db.com/exploits/44584/","https://www.zerodayinitiative.com/advisories/ZDI-19-367/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6067","summary":"Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00936,"ranking_epss":0.7613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/779428","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/779428","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6070","summary":"Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00373,"ranking_epss":0.59023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/668645","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/668645","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6077","summary":"Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak 
cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00729,"ranking_epss":0.72602,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/778506","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/778506","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6078","summary":"Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.0066,"ranking_epss":0.71039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/793628","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/793628","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6079","summary":"Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak 
cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00672,"ranking_epss":0.71329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/788448","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/788448","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6080","summary":"Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00748,"ranking_epss":0.73058,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/792028","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/792028","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17463","summary":"Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a 
sandbox via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.92199,"ranking_epss":0.99711,"kev":true,"propose_action":"Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.","ransomware_campaign":"Unknown","references":["http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/888923","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/888923","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17463"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17465","summary":"Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/870226","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/870226","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17466","summary":"Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01106,"ranking_epss":0.78065,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3004","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/880906","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201811-10","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4330","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362","http://www.securityfocus.com/bid/105666","http://www.securityfocus.com/bid/106168","https://access.redhat.com/errata/RHSA-2018:3004","https://access.redhat.com/errata/RHSA-2018:3831","https://access.redhat.com/errata/RHSA-2018:3833","https://access.redhat.com/errata/RHSA-2019:0159","https://access.redhat.com/errata/RHSA-2019:0160","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/880906","https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html","https://security.gentoo.org/glsa/201811-10","https://usn.ubuntu.com/3844-1/","https://usn.ubuntu.com/3868-1/","https://www.debian.org/security/2018/dsa-4330","https://www.debian.org/security/2018/dsa-4354","https://www.debian.org/security/2019/dsa-4362"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17467","summary":"Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the 
contents of the Omnibox (URL bar) via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/844881","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/844881","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17468","summary":"Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/876822","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/876822","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17471","summary":"Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00838,"ranking_epss":0.74638,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/873080","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/873080","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17472","summary":"Incorrect handling of googlechrome:// 
URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.","cvss":9.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.6,"epss":0.01002,"ranking_epss":0.76967,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/822518","https://security.gentoo.org/glsa/201811-10","http://www.securityfocus.com/bid/105666","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/822518","https://security.gentoo.org/glsa/201811-10"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17474","summary":"Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01332,"ranking_epss":0.79927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/843151","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/843151","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17475","summary":"Incorrect handling of history on iOS in Navigation in Google Chrome prior to 
70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/852634","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/852634","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17476","summary":"Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/812769","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/812769","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17477","summary":"Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00774,"ranking_epss":0.73545,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/863703","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330","http://www.securityfocus.com/bid/105666","https://access.redhat.com/errata/RHSA-2018:3004","https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html","https://crbug.com/863703","https://security.gentoo.org/glsa/201811-10","https://www.debian.org/security/2018/dsa-4330"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6057","summary":"Lack of special casing of Android 
ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00532,"ranking_epss":0.6725,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/789959","https://www.debian.org/security/2018/dsa-4182","http://www.securityfocus.com/bid/103297","https://access.redhat.com/errata/RHSA-2018:0484","https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html","https://crbug.com/789959","https://www.debian.org/security/2018/dsa-4182"],"published_time":"2018-11-14T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19115","summary":"keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the 
heap.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.06203,"ranking_epss":0.9083,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:0022","https://access.redhat.com/errata/RHSA-2019:1792","https://access.redhat.com/errata/RHSA-2019:1945","https://bugzilla.suse.com/show_bug.cgi?id=1015141","https://github.com/acassen/keepalived/pull/961","https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9","https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html","https://security.gentoo.org/glsa/201903-01","https://usn.ubuntu.com/3995-1/","https://usn.ubuntu.com/3995-2/","https://access.redhat.com/errata/RHSA-2019:0022","https://access.redhat.com/errata/RHSA-2019:1792","https://access.redhat.com/errata/RHSA-2019:1945","https://bugzilla.suse.com/show_bug.cgi?id=1015141","https://github.com/acassen/keepalived/pull/961","https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9","https://lists.debian.org/debian-lts-announce/2018/11/msg00034.html","https://security.gentoo.org/glsa/201903-01","https://usn.ubuntu.com/3995-1/","https://usn.ubuntu.com/3995-2/"],"published_time":"2018-11-08T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19107","summary":"In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image 
file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00387,"ranking_epss":0.5979,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/427","https://github.com/Exiv2/exiv2/pull/518","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/427","https://github.com/Exiv2/exiv2/pull/518","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/"],"published_time":"2018-11-08T08:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19108","summary":"In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image 
file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00525,"ranking_epss":0.66953,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/426","https://github.com/Exiv2/exiv2/pull/518","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/","http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/426","https://github.com/Exiv2/exiv2/pull/518","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/4056-1/"],"published_time":"2018-11-08T08:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-19058","summary":"An issue was discovered in Poppler 0.71.0. 
There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00276,"ranking_epss":0.51034,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2022","https://gitlab.freedesktop.org/poppler/poppler/issues/659","https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/3837-1/","https://access.redhat.com/errata/RHSA-2019:2022","https://gitlab.freedesktop.org/poppler/poppler/issues/659","https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html","https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/3837-1/"],"published_time":"2018-11-07T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18897","summary":"An issue was discovered in Poppler 0.71.0. 
There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00197,"ranking_epss":0.41619,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/issues/654","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/4042-1/","https://access.redhat.com/errata/RHSA-2019:2022","https://access.redhat.com/errata/RHSA-2019:2713","https://gitlab.freedesktop.org/poppler/poppler/issues/654","https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html","https://usn.ubuntu.com/4042-1/"],"published_time":"2018-11-02T07:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14660","summary":"A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. 
A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.01601,"ranking_epss":0.81658,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14660","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-11-01T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-2125","summary":"It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. 
A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.","cvss":6.4,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.4,"epss":0.11667,"ranking_epss":0.93651,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0494.html","http://rhn.redhat.com/errata/RHSA-2017-0495.html","http://rhn.redhat.com/errata/RHSA-2017-0662.html","http://rhn.redhat.com/errata/RHSA-2017-0744.html","http://www.securityfocus.com/bid/94988","http://www.securitytracker.com/id/1037494","https://access.redhat.com/errata/RHSA-2017:1265","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125","https://www.samba.org/samba/security/CVE-2016-2125.html","http://rhn.redhat.com/errata/RHSA-2017-0494.html","http://rhn.redhat.com/errata/RHSA-2017-0495.html","http://rhn.redhat.com/errata/RHSA-2017-0662.html","http://rhn.redhat.com/errata/RHSA-2017-0744.html","http://www.securityfocus.com/bid/94988","http://www.securitytracker.com/id/1037494","https://access.redhat.com/errata/RHSA-2017:1265","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125","https://www.samba.org/samba/security/CVE-2016-2125.html"],"published_time":"2018-10-31T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14661","summary":"It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. 
A remote, authenticated attacker could use this flaw to cause remote denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.02567,"ranking_epss":0.85481,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-10-31T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14652","summary":"The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. 
A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.02302,"ranking_epss":0.8469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-10-31T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14653","summary":"The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. 
A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":6.5,"epss":0.01596,"ranking_epss":0.81633,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14653","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-10-31T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14654","summary":"The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. 
A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.","cvss":5.4,"cvss_version":3.0,"cvss_v2":8.5,"cvss_v3":5.4,"epss":0.02023,"ranking_epss":0.83723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-10-31T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14659","summary":"The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. 
A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.02144,"ranking_epss":0.84171,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","https://access.redhat.com/errata/RHSA-2018:3431","https://access.redhat.com/errata/RHSA-2018:3432","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659","https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-10-31T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15688","summary":"A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. 
Affected releases are systemd: versions up to and including 239.","cvss":8.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.8,"epss":0.00727,"ranking_epss":0.72568,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105745","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3665","https://access.redhat.com/errata/RHSA-2019:0049","https://github.com/systemd/systemd/pull/10518","https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html","https://security.gentoo.org/glsa/201810-10","https://usn.ubuntu.com/3806-1/","https://usn.ubuntu.com/3807-1/","http://www.securityfocus.com/bid/105745","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3665","https://access.redhat.com/errata/RHSA-2019:0049","https://github.com/systemd/systemd/pull/10518","https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html","https://security.gentoo.org/glsa/201810-10","https://usn.ubuntu.com/3806-1/","https://usn.ubuntu.com/3807-1/"],"published_time":"2018-10-26T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14665","summary":"A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. 
X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.","cvss":6.6,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.6,"epss":0.08941,"ranking_epss":0.92564,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html","http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html","http://www.securityfocus.com/bid/105741","http://www.securitytracker.com/id/1041948","https://access.redhat.com/errata/RHSA-2018:3410","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665","https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e","https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170","https://lists.x.org/archives/xorg-announce/2018-October/002927.html","https://security.gentoo.org/glsa/201810-09","https://usn.ubuntu.com/3802-1/","https://www.debian.org/security/2018/dsa-4328","https://www.exploit-db.com/exploits/45697/","https://www.exploit-db.com/exploits/45742/","https://www.exploit-db.com/exploits/45832/","https://www.exploit-db.com/exploits/45908/","https://www.exploit-db.com/exploits/45922/","https://www.exploit-db.com/exploits/45938/","https://www.exploit-db.com/exploits/46142/","https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html","http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html","http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html","http://www.securityfocus.com/bid/105741","http://www.securitytracker.com/id/1041948","https://access.redhat.com/errata/RHSA-2018:3410","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665","https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
","https://gitlab.freedesktop.org/xorg/xserver/commit/8a59e3b7dbb30532a7c3769c555e00d7c4301170","https://lists.x.org/archives/xorg-announce/2018-October/002927.html","https://security.gentoo.org/glsa/201810-09","https://usn.ubuntu.com/3802-1/","https://www.debian.org/security/2018/dsa-4328","https://www.exploit-db.com/exploits/45697/","https://www.exploit-db.com/exploits/45742/","https://www.exploit-db.com/exploits/45832/","https://www.exploit-db.com/exploits/45908/","https://www.exploit-db.com/exploits/45922/","https://www.exploit-db.com/exploits/45938/","https://www.exploit-db.com/exploits/46142/","https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html"],"published_time":"2018-10-25T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18585","summary":"chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.01307,"ranking_epss":0.79745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2049","https://bugs.debian.org/911637","https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f","https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3814-1/","https://usn.ubuntu.com/3814-2/","https://usn.ubuntu.com/3814-3/","https://www.openwall.com/lists/oss-security/2018/10/22/1","https://www.starwindsoftware.com/security/sw-20181213-0002/","https://access.redhat.com/errata/RHSA-2019:2049","https://bugs.debian.org/911637","https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f","https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3814-1/","https://usn.ubuntu.com/3814-2/","https://usn.ubun
tu.com/3814-3/","https://www.openwall.com/lists/oss-security/2018/10/22/1","https://www.starwindsoftware.com/security/sw-20181213-0002/"],"published_time":"2018-10-23T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18559","summary":"In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.00836,"ranking_epss":0.74606,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0163","https://access.redhat.com/errata/RHSA-2019:0188","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/errata/RHSA-2019:1190","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2020:0174","https://blogs.securiteam.com/index.php/archives/3731","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0163","https://access.redhat.com/errata/RHSA-2019:0188","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/errata/RHSA-2019:1190","https://access.redhat.com/errata/RHSA-2019:3967","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2020:0174","https://blogs.securiteam.com/index.php/archives/3731"],"published_time":"2018-10-22T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18284","summary":"A
rtifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.","cvss":8.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.6,"epss":0.00331,"ranking_epss":0.56055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b","http://www.openwall.com/lists/oss-security/2018/10/16/2","http://www.securityfocus.com/bid/107451","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1696","https://bugs.ghostscript.com/show_bug.cgi?id=699963","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336","http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b","http://www.openwall.com/lists/oss-security/2018/10/16/2","http://www.securityfocus.com/bid/107451","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1696","https://bugs.ghostscript.com/show_bug.cgi?id=699963","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336"],"published_time":"2018-10-19T22:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18520","summary":"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. 
Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00889,"ranking_epss":0.75461,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23787","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html","https://usn.ubuntu.com/4012-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23787","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html","https://usn.ubuntu.com/4012-1/"],"published_time":"2018-10-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18521","summary":"Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is 
mishandled.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00105,"ranking_epss":0.2865,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23786","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html","https://usn.ubuntu.com/4012-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23786","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html","https://usn.ubuntu.com/4012-1/"],"published_time":"2018-10-19T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5188","summary":"Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03029,"ranking_epss":0.86607,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104555","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://usn.ubuntu.com/3749-1/","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/","http://www.securityfocus.com/bid/104555","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/
2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://usn.ubuntu.com/3749-1/","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12385","summary":"A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. 
This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2.","cvss":7.0,"cvss_version":3.0,"cvss_v2":4.4,"cvss_v3":7.0,"epss":0.0006,"ranking_epss":0.1887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105380","http://www.securitytracker.com/id/1041700","http://www.securitytracker.com/id/1041701","https://access.redhat.com/errata/RHSA-2018:2834","https://access.redhat.com/errata/RHSA-2018:2835","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1490585","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3778-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4304","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-22/","https://www.mozilla.org/security/advisories/mfsa2018-23/","https://www.mozilla.org/security/advisories/mfsa2018-25/","http://www.securityfocus.com/bid/105380","http://www.securitytracker.com/id/1041700","http://www.securitytracker.com/id/1041701","https://access.redhat.com/errata/RHSA-2018:2834","https://access.redhat.com/errata/RHSA-2018:2835","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1490585","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3778-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4304","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-22/","https://www.mozilla.org/security/advisories/mfsa2018-23/","https://www.mozilla.org/secur
ity/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12386","summary":"A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"epss":0.39099,"ranking_epss":0.9726,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105460","http://www.securitytracker.com/id/1041770","https://access.redhat.com/errata/RHSA-2018:2881","https://access.redhat.com/errata/RHSA-2018:2884","https://bugzilla.mozilla.org/show_bug.cgi?id=1493900","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3778-1/","https://www.debian.org/security/2018/dsa-4310","https://www.mozilla.org/security/advisories/mfsa2018-24/","http://www.securityfocus.com/bid/105460","http://www.securitytracker.com/id/1041770","https://access.redhat.com/errata/RHSA-2018:2881","https://access.redhat.com/errata/RHSA-2018:2884","https://bugzilla.mozilla.org/show_bug.cgi?id=1493900","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3778-1/","https://www.debian.org/security/2018/dsa-4310","https://www.mozilla.org/security/advisories/mfsa2018-24/"],"published_time":"2018-10-18T13:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12387","summary":"A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. 
This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.33401,"ranking_epss":0.96901,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105460","http://www.securitytracker.com/id/1041770","https://access.redhat.com/errata/RHSA-2018:2881","https://access.redhat.com/errata/RHSA-2018:2884","https://bugzilla.mozilla.org/show_bug.cgi?id=1493903","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3778-1/","https://www.debian.org/security/2018/dsa-4310","https://www.mozilla.org/security/advisories/mfsa2018-24/","http://www.securityfocus.com/bid/105460","http://www.securitytracker.com/id/1041770","https://access.redhat.com/errata/RHSA-2018:2881","https://access.redhat.com/errata/RHSA-2018:2884","https://bugzilla.mozilla.org/show_bug.cgi?id=1493903","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3778-1/","https://www.debian.org/security/2018/dsa-4310","https://www.mozilla.org/security/advisories/mfsa2018-24/"],"published_time":"2018-10-18T13:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5156","summary":"A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. 
This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03107,"ranking_epss":0.86776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://bugzilla.mozilla.org/show_bug.cgi?id=1453127","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4295","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-19/","http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://bugzilla.mozilla.org/show_bug.cgi?id=1453127","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4295","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:06","vendor":null,"pr
oduct":null,"version":null},{"cve_id":"CVE-2018-12378","summary":"A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03107,"ranking_epss":0.86776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1459383","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4287","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/","http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1459383","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4287","https://www
.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12379","summary":"When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00098,"ranking_epss":0.27165,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1473113","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/","http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1473113","https://lists.debian.org/debian-lts-announce
/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12383","summary":"If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.0008,"ranking_epss":0.23712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105276","http://www.securitytracker.com/id/1041610","http://www.securitytracker.com/id/1041701","https://access.redhat.com/errata/RHSA-2018:2834","https://access.redhat.com/errata/RHSA-2018:2835","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1475775","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4304","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-23/","https://www.mozilla.org/security/advisories/
mfsa2018-25/","http://www.securityfocus.com/bid/105276","http://www.securitytracker.com/id/1041610","http://www.securitytracker.com/id/1041701","https://access.redhat.com/errata/RHSA-2018:2834","https://access.redhat.com/errata/RHSA-2018:2835","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1475775","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4304","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-23/","https://www.mozilla.org/security/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12373","summary":"dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. 
This vulnerability affects Thunderbird < 52.9.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01098,"ranking_epss":0.77988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104613","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1464056","https://bugzilla.mozilla.org/show_bug.cgi?id=1464667","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-18/"],"published_time":"2018-10-18T13:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12374","summary":"Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field. 
This vulnerability affects Thunderbird < 52.9.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00763,"ranking_epss":0.7337,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104613","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1462910","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-18/"],"published_time":"2018-10-18T13:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12376","summary":"Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03107,"ranking_epss":0.86776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1469309%2C1469914%2C1450989%2C1480092%2C1480517%2C1481093%2C1478575%2C1471953%2C1473161%2C1466991%2C1468738%2C1483120%2C1467363%2C1472925%2C1466577%2C1467889%2C1480521%2C1478849","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4287","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12377","summary":"A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03107,"ranking_epss":0.86776,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105280","http://www.securitytracker.com/id/1041610","https://access.redhat.com/errata/RHSA-2018:2692","https://access.redhat.com/errata/RHSA-2018:2693","https://access.redhat.com/errata/RHSA-2018:3403","https://access.redhat.com/errata/RHSA-2018:3458","https://bugzilla.mozilla.org/show_bug.cgi?id=1470260","https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3761-1/","https://usn.ubuntu.com/3793-1/","https://www.debian.org/security/2018/dsa-4287","https://www.debian.org/security/2018/dsa-4327","https://www.mozilla.org/security/advisories/mfsa2018-20/","https://www.mozilla.org/security/advisories/mfsa2018-21/","https://www.mozilla.org/security/advisories/mfsa2018-25/"],"published_time":"2018-10-18T13:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12372","summary":"Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00786,"ranking_epss":0.73779,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104613","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1419417","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-18/"],"published_time":"2018-10-18T13:29:03","vendor":null,"product":null,
"version":null},{"cve_id":"CVE-2018-12364","summary":"NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0267,"ranking_epss":0.85758,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1436241","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12365","summary":"A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 
61.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02054,"ranking_epss":0.83833,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1459206","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12366","summary":"An invalid grid size during QCMS (color profile) transformations can result in an out-of-bounds read that is interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01075,"ranking_epss":0.77738,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1464039","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12362","summary":"An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01902,"ranking_epss":0.83197,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1452375","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12363","summary":"A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02562,"ranking_epss":0.85469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104560","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1464784","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12359","summary":"A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03167,"ranking_epss":0.86899,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104555","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1459162","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12360","summary":"A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02012,"ranking_epss":0.83655,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104555","http://www.securitytracker.com/id/1041193","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://access.redhat.com/errata/RHSA-2018:2251","https://access.redhat.com/errata/RHSA-2018:2252","https://bugzilla.mozilla.org/show_bug.cgi?id=1459693","https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3705-1/","https://usn.ubuntu.com/3714-1/","https://www.debian.org/security/2018/dsa-4235","https://www.debian.org/security/2018/dsa-4244","https://www.mozilla.org/security/advisories/mfsa2018-15/","https://www.mozilla.org/security/advisories/mfsa2018-16/","https://www.mozilla.org/security/advisories/mfsa2018-17/","https://www.mozilla.org/security/advisories/mfsa2018-18/","https://www.mozilla.org/security/advisories/mfsa2018-19/"],"published_time":"2018-10-18T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18445","summary":"In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00045,"ranking_epss":0.13847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681","https://access.redhat.com/errata/RHSA-2019:0512","https://access.redhat.com/errata/RHSA-2019:0514","https://bugs.chromium.org/p/project-zero/issues/detail?id=1686","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.75","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.13","https://github.com/torvalds/linux/commit/b799207e1e1816b09e7a5920fbb2d5fcf6edd681","https://support.f5.com/csp/article/K38456756","https://usn.ubuntu.com/3832-1/","https://usn.ubuntu.com/3835-1/","https://usn.ubuntu.com/3847-1/","https://usn.ubuntu.com/3847-2/","https://usn.ubuntu.com/3847-3/"],"published_time":"2018-10-17T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3282","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"epss":0.0014,"ranking_epss":0.34256,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105610","http://www.securitytracker.com/id/1041888","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20181018-0002/","https://usn.ubuntu.com/3799-1/","https://usn.ubuntu.com/3799-2/","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-10-17T01:31:29","vendor":null,"product":null,"version":null},{"cv
e_id":"CVE-2018-3214","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00415,"ranking_epss":0.61631,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105615","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105615","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA
-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:23","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3180","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. 
code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).","cvss":5.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":5.6,"epss":0.0009,"ranking_epss":0.25695,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105617","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-442829
6.html","http://www.securityfocus.com/bid/105617","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3183","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).","cvss":9.0,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.0,"epss":0.00697,"ranking_epss":0.71908,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105622","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3852","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105622","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3002","h
ttps://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3852","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3169","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"epss":0.00513,"ranking_epss":0.66493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105587","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105587","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","http
s://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3149","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"epss":0.0053,"ranking_epss":0.67204,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105608","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105608","http://www.securitytracker.
com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3136","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).","cvss":3.4,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.4,"epss":0.00389,"ranking_epss":0.59987,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105601","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","htt
ps://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105601","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3139","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"epss":0.00093,"ranking_epss":0.26229,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105602","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018
:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105602","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:2942","https://access.redhat.com/errata/RHSA-2018:2943","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3350","https://access.redhat.com/errata/RHSA-2018:3409","https://access.redhat.com/errata/RHSA-2018:3521","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03952en_us","https://usn.ubuntu.com/3804-1/","https://usn.ubuntu.com/3824-1/","https://www.debian.org/security/2018/dsa-4326"],"published_time":"2018-10-17T01:31:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18073"
,"summary":"Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.","cvss":6.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.3,"epss":0.00281,"ranking_epss":0.51415,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c","http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html","http://www.openwall.com/lists/oss-security/2018/10/10/12","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1690","https://bugs.ghostscript.com/show_bug.cgi?id=699927","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=34cc326eb2c5695833361887fe0b32e8d987741c","http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html","http://www.openwall.com/lists/oss-security/2018/10/10/12","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1690","https://bugs.ghostscript.com/show_bug.cgi?id=699927","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336"],"published_time":"2018-10-15T16:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17961","summary":"Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. 
NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.","cvss":8.6,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.6,"epss":0.11327,"ranking_epss":0.9352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94","http://www.openwall.com/lists/oss-security/2018/10/09/4","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2","https://bugs.ghostscript.com/show_bug.cgi?id=699816","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336","https://www.exploit-db.com/exploits/45573/","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a54c9e61e7d0","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a5a9bf8c6a63","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6807394bd94","http://www.openwall.com/lists/oss-security/2018/10/09/4","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2","https://bugs.ghostscript.com/show_bug.cgi?id=699816","https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html","https://usn.ubuntu.com/3803-1/","https://www.debian.org/security/2018/dsa-4336","https://www.exploit-db.com/exploits/45573/"],"published_time":"2018-10-15T16:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18310","summary":"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00093,"ranking_epss":0.26202,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23752","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html","https://usn.ubuntu.com/4012-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23752","https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html","https://usn.ubuntu.com/4012-1/"],"published_time":"2018-10-15T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14649","summary":"It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. 
In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.58114,"ranking_epss":0.98175,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105434","https://access.redhat.com/articles/3623521","https://access.redhat.com/errata/RHSA-2018:2837","https://access.redhat.com/errata/RHSA-2018:2838","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649","https://github.com/ceph/ceph-iscsi-cli/issues/120","https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b","http://www.securityfocus.com/bid/105434","https://access.redhat.com/articles/3623521","https://access.redhat.com/errata/RHSA-2018:2837","https://access.redhat.com/errata/RHSA-2018:2838","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649","https://github.com/ceph/ceph-iscsi-cli/issues/120","https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b"],"published_time":"2018-10-09T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-18074","summary":"The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the 
network.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00243,"ranking_epss":0.47487,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://docs.python-requests.org/en/master/community/updates/#release-and-version-history","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html","https://access.redhat.com/errata/RHSA-2019:2035","https://bugs.debian.org/910766","https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff","https://github.com/requests/requests/issues/4716","https://github.com/requests/requests/pull/4718","https://usn.ubuntu.com/3790-1/","https://usn.ubuntu.com/3790-2/","https://www.oracle.com/security-alerts/cpujul2022.html","http://docs.python-requests.org/en/master/community/updates/#release-and-version-history","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html","https://access.redhat.com/errata/RHSA-2019:2035","https://bugs.debian.org/910766","https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff","https://github.com/requests/requests/issues/4716","https://github.com/requests/requests/pull/4718","https://usn.ubuntu.com/3790-1/","https://usn.ubuntu.com/3790-2/","https://www.oracle.com/security-alerts/cpujul2022.html"],"published_time":"2018-10-09T17:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000805","summary":"Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. 
This attack appear to be exploitable via network connectivity.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"epss":0.00421,"ranking_epss":0.61977,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2018:3497","https://access.redhat.com/errata/RHSA-2018:3347","https://access.redhat.com/errata/RHSA-2018:3406","https://access.redhat.com/errata/RHSA-2018:3505","https://github.com/paramiko/paramiko/issues/1283","https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://usn.ubuntu.com/3796-1/","https://usn.ubuntu.com/3796-2/","https://usn.ubuntu.com/3796-3/","https://access.redhat.com/errata/RHBA-2018:3497","https://access.redhat.com/errata/RHSA-2018:3347","https://access.redhat.com/errata/RHSA-2018:3406","https://access.redhat.com/errata/RHSA-2018:3505","https://github.com/paramiko/paramiko/issues/1283","https://herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://usn.ubuntu.com/3796-1/","https://usn.ubuntu.com/3796-2/","https://usn.ubuntu.com/3796-3/"],"published_time":"2018-10-08T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000807","summary":"Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. 
This vulnerability appears to have been fixed in 17.5.0.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.0303,"ranking_epss":0.8661,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://access.redhat.com/errata/RHSA-2019:0085","https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","https://github.com/pyca/pyopenssl/pull/723","https://usn.ubuntu.com/3813-1/","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://access.redhat.com/errata/RHSA-2019:0085","https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509","https://github.com/pyca/pyopenssl/pull/723","https://usn.ubuntu.com/3813-1/"],"published_time":"2018-10-08T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000808","summary":"Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. 
This vulnerability appears to have been fixed in 17.5.0.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00161,"ranking_epss":0.37067,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://access.redhat.com/errata/RHSA-2019:0085","https://github.com/pyca/pyopenssl/pull/723","https://usn.ubuntu.com/3813-1/","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html","https://access.redhat.com/errata/RHSA-2019:0085","https://github.com/pyca/pyopenssl/pull/723","https://usn.ubuntu.com/3813-1/"],"published_time":"2018-10-08T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17456","summary":"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' 
character.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.66226,"ranking_epss":0.98515,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html","http://www.securityfocus.com/bid/105523","http://www.securityfocus.com/bid/107511","http://www.securitytracker.com/id/1041811","https://access.redhat.com/errata/RHSA-2018:3408","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2018:3541","https://access.redhat.com/errata/RHSA-2020:0316","https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404","https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46","https://marc.info/?l=git&m=153875888916397&w=2","https://seclists.org/bugtraq/2019/Mar/30","https://usn.ubuntu.com/3791-1/","https://www.debian.org/security/2018/dsa-4311","https://www.exploit-db.com/exploits/45548/","https://www.exploit-db.com/exploits/45631/","https://www.openwall.com/lists/oss-security/2018/10/06/3","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html","http://www.securityfocus.com/bid/105523","http://www.securityfocus.com/bid/107511","http://www.securitytracker.com/id/1041811","https://access.redhat.com/errata/RHSA-2018:3408","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2018:3541","https://access.redhat.com/errata/RHSA-2020:0316","https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404","https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46","https://marc.info/?l=git&m=153875888916397&w=2","https://seclists.org/bugtraq/2019/Mar/30","https://usn.ubuntu.com/3791-1/","https://www.debian.org/security/2018/dsa-43
11","https://www.exploit-db.com/exploits/45548/","https://www.exploit-db.com/exploits/45631/","https://www.openwall.com/lists/oss-security/2018/10/06/3"],"published_time":"2018-10-06T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-11784","summary":"When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.82624,"ranking_epss":0.99228,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html","http://www.securityfocus.com/bid/105524","https://access.redhat.com/errata/RHSA-2019:0130","https://access.redhat.com/errata/RHSA-2019:0131","https://access.redhat.com/errata/RHSA-2019:0485","https://access.redhat.com/errata/RHSA-2019:1529","https://kc.mcafee.com/corporate/index?page=content&id=SB10284","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e
147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/","https://seclists.org/bugtraq/2019/Dec/43","https://security.netapp.com/advisory/ntap-20181014-0002/","https://usn.ubuntu.com/3787-1/","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/se
curity-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html","http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html","http://www.securityfocus.com/bid/105524","https://access.redhat.com/errata/RHSA-2019:0130","https://access.redhat.com/errata/RHSA-2019:0131","https://access.redhat.com/errata/RHSA-2019:0485","https://access.redhat.com/errata/RHSA-2019:1529","https://kc.mcafee.com/corporate/index?page=content&id=SB10284","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17
a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZ4PX4B3QTKRM35VJAVIEOPZAF76RPBP/","https://seclists.org/bugtraq/2019/Dec/43","https://security.netapp.com/advisory/ntap-20181014-0002/","https://usn.ubuntu.com/3787-1/","https://www.debian.org/security/2019/dsa-4596","https://www.oracle.com/security-alerts/cpuapr2020.html","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2018-10-04T13:29:00","vendor":null,"product":null,"
version":null},{"cve_id":"CVE-2018-17972","summary":"An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00056,"ranking_epss":0.17678,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html","http://www.securityfocus.com/bid/105525","https://access.redhat.com/errata/RHSA-2019:0512","https://access.redhat.com/errata/RHSA-2019:0514","https://access.redhat.com/errata/RHSA-2019:0831","https://access.redhat.com/errata/RHSA-2019:2473","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2","https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3821-1/","https://usn.ubuntu.com/3821-2/","https://usn.ubuntu.com/3832-1/","https://usn.ubuntu.com/3835-1/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","https://usn.ubuntu.com/3880-1/","https://usn.ubuntu.com/3880-2/","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html","http://www.securityfocus.com/bid/105525","https://access.redhat.com/errata/RHSA-2019:0512","https://access.redhat.com/errata/RHSA-2019:0514","https://access.redhat.com/errata/RHSA-2019:0831","https://access.redhat.com/errata/RHSA-2019:2473","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.or
g/debian-lts-announce/2019/04/msg00004.html","https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2","https://support.f5.com/csp/article/K27673650?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3821-1/","https://usn.ubuntu.com/3821-2/","https://usn.ubuntu.com/3832-1/","https://usn.ubuntu.com/3835-1/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","https://usn.ubuntu.com/3880-1/","https://usn.ubuntu.com/3880-2/"],"published_time":"2018-10-03T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-17581","summary":"CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00252,"ranking_epss":0.48516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/460","https://github.com/SegfaultMasters/covering360/blob/master/Exiv2","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/3852-1/","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/460","https://github.com/SegfaultMasters/covering360/blob/master/Exiv2","https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://usn.ubuntu.com/3852-1/"],"published_time":"2018-09-28T09:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14650","summary":"It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. 
A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.","cvss":5.9,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.9,"epss":0.00044,"ranking_epss":0.1352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3663","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650","https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed","https://access.redhat.com/errata/RHSA-2018:3663","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14650","https://github.com/sosreport/sos-collector/commit/72058f9253e7ed8c7243e2ff76a16d97b03d65ed"],"published_time":"2018-09-27T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14634","summary":"An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. 
Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.22361,"ranking_epss":0.95797,"kev":true,"propose_action":"Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system.","ransomware_campaign":"Unknown","references":["http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/105407","https://access.redhat.com/errata/RHSA-2018:2748","https://access.redhat.com/errata/RHSA-2018:2763","https://access.redhat.com/errata/RHSA-2018:2846","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2925","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://access.redhat.com/errata/RHSA-2018:3591","https://access.redhat.com/errata/RHSA-2018:3643","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634","https://security.netapp.com/advisory/ntap-20190204-0002/","https://security.paloaltonetworks.com/CVE-2018-14634","https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3775-1/","https://usn.ubuntu.com/3775-2/","https://usn.ubuntu.com/3779-1/","https://www.exploit-db.com/exploits/45516/","https://www.openwall.com/lists/oss-security/2018/09/25/4","http://www.openwall.com/lists/oss-security/2021/07/20/2","http://www.securityfocus.com/bid/105407","https://access.redhat.com/errata/RHSA-2018:2748","https://access.redhat.com/errata/RHSA-2018:2763","https://access.redhat.com/errata/RHSA-2018:2846","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2925","https://access.redhat.com/errata/RHSA-2018:2933","htt
ps://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://access.redhat.com/errata/RHSA-2018:3591","https://access.redhat.com/errata/RHSA-2018:3643","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634","https://security.netapp.com/advisory/ntap-20190204-0002/","https://security.paloaltonetworks.com/CVE-2018-14634","https://support.f5.com/csp/article/K20934447?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3775-1/","https://usn.ubuntu.com/3775-2/","https://usn.ubuntu.com/3779-1/","https://www.exploit-db.com/exploits/45516/","https://www.openwall.com/lists/oss-security/2018/09/25/4","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14634"],"published_time":"2018-09-25T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6054","summary":"Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01442,"ranking_epss":0.80692,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/797511","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/797511","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6049","summary":"Incorrect security 
UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00688,"ranking_epss":0.71706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/774438","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/774438","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6050","summary":"Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/774842","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/774842","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6051","summary":"XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.0057,"ranking_epss":0.68562,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/441275","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/441275","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6052","summary":"Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer 
data.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00838,"ranking_epss":0.74634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/615608","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/615608","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6053","summary":"Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML 
page.","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.3,"epss":0.0017,"ranking_epss":0.38338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/758169","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6042","summary":"Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/773930","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6043","summary":"Insufficient data validation in 
External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/785809","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6045","summary":"Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome 
Extension.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/797497","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6046","summary":"Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00909,"ranking_epss":0.75741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/798163","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6047","summary":"Insufficient 
policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00838,"ranking_epss":0.74634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/799847","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6048","summary":"Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00773,"ranking_epss":0.7354,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/763194","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6036","summary":"Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/789952","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6037","summary":"Inappropriate implementation in autofill in 
Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00936,"ranking_epss":0.76136,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/753645","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6038","summary":"Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0103,"ranking_epss":0.77283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/774174","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6039","summary":"Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00909,"ranking_epss":0.75741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/775527","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6040","summary":"Insufficient policy 
enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00606,"ranking_epss":0.69586,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/778658","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6041","summary":"Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/760342","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6031","summary":"Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/780450","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6032","summary":"Insufficient policy enforcement in Blink in 
Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00797,"ranking_epss":0.7396,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/787103","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6033","summary":"Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome 
Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/793620","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6034","summary":"Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"epss":0.01066,"ranking_epss":0.77656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/784183","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6035","summary":"Insufficient policy 
enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01563,"ranking_epss":0.81452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102797","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2018:0265","https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html","https://crbug.com/797500","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-09-25T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15967","summary":"Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.09983,"ranking_epss":0.93029,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105315","http://www.securitytracker.com/id/1041620","https://access.redhat.com/errata/RHSA-2018:2707","https://helpx.adobe.com/security/products/flash-player/apsb18-31.html"],"published_time":"2018-09-25T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14633","summary":"A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. 
Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.","cvss":7.0,"cvss_version":3.0,"cvss_v2":8.3,"cvss_v3":7.0,"epss":0.07984,"ranking_epss":0.92057,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105388","https://access.redhat.com/errata/RHSA-2018:3651","https://access.redhat.com/errata/RHSA-2018:3666","https://access.redhat.com/errata/RHSA-2019:1946","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633","https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c","https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe","https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html","https://seclists.org/oss-sec/2018/q3/270","https://usn.ubuntu.com/3775-1/","https://usn.ubuntu.com/3775-2/","https://usn.ubuntu.com/3776-1/","https://usn.ubuntu.com/3776-2/","https://usn.ubuntu.com/3777-1/","https://usn.ubuntu.com/3777-2/","https://usn.ubuntu.com/3777-3/","https://usn.ubuntu.com/3779-1/","https://www.debian.org/security/2018/dsa-4308"],"published_time":"2018-09-25T00:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-14647","summary":"Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01634,"ranking_epss":0.81868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securityfocus.com/bid/105396","http://www.securitytracker.com/id/1041740","https://access.redhat.com/errata/RHSA-2019:1260","https://access.redhat.com/errata/RHSA-2019:2030","https://access.redhat.com/errata/RHSA-2019:3725","https://bugs.python.org/issue34623","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html","https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/","https://usn.ubuntu.com/3817-1/","https://usn.ubuntu.com/3817-2/","https://www.debian.org/security/2018/dsa-4306","https://www.debian.org/security/2018/dsa-4307"],"published_time":"2018-09-25T00:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-17183","summary":"Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject 
code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00771,"ranking_epss":0.73504,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=699708","https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html","https://usn.ubuntu.com/3773-1/"],"published_time":"2018-09-19T15:29:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15705","summary":"A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. 
We are concerned that there may be attempts to abuse the vulnerability in the future.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01771,"ranking_epss":0.82603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","http://www.securityfocus.com/bid/105347","https://access.redhat.com/errata/RHSA-2018:2916","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","https://usn.ubuntu.com/3811-1/","https://usn.ubuntu.com/3811-2/"],"published_time":"2018-09-17T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-11781","summary":"Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule 
syntax.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00252,"ranking_epss":0.4847,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html","https://access.redhat.com/errata/RHSA-2018:2916","https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html","https://security.gentoo.org/glsa/201812-07","https://usn.ubuntu.com/3811-1/","https://usn.ubuntu.com/3811-3/"],"published_time":"2018-09-17T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14638","summary":"A flaw was found in 389-ds-base before version 1.3.8.4-13. 
The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00863,"ranking_epss":0.75041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2757","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14638","https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73"],"published_time":"2018-09-14T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-7035","summary":"An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the 
machine.","cvss":8.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.8,"epss":0.00103,"ranking_epss":0.2828,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2614.html","http://rhn.redhat.com/errata/RHSA-2016-2675.html","http://www.openwall.com/lists/oss-security/2016/11/03/5","http://www.securityfocus.com/bid/94214","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035","https://github.com/ClusterLabs/pacemaker/commit/5d71e65049","https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html","https://security.gentoo.org/glsa/201710-08"],"published_time":"2018-09-10T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16802","summary":"An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. 
This is due to an incomplete fix for CVE-2018-16509.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00971,"ranking_epss":0.76597,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47","https://access.redhat.com/errata/RHSA-2018:3834","https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://seclists.org/oss-sec/2018/q3/228","https://seclists.org/oss-sec/2018/q3/229","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4294"],"published_time":"2018-09-10T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5391","summary":"The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. 
The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"epss":0.03822,"ranking_epss":0.88096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/07/06/3","http://www.openwall.com/lists/oss-security/2019/07/06/4","http://www.securityfocus.com/bid/105108","http://www.securitytracker.com/id/1041476","http://www.securitytracker.com/id/1041637","https://access.redhat.com/errata/RHSA-2018:2785","https://access.redhat.com/errata/RHSA-2018:2791","https://access.redhat.com/errata/RHSA-2018:2846","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2925","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2018:3459","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf","https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f","https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://security.netapp.com/advisory/ntap-20181003-0002/","https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3740-1/","https://usn.ubuntu.com/3740-2/","https://usn.ubuntu.com/3741-1/","https://usn.ubuntu.com/3741-2/","https://usn.ubuntu.com/3742-1/","https://usn.ubuntu.com/3742-2/","https://www.debian.org/security/2018/dsa-4272","https://www.kb.cert.org/vuls/id/641765"],"published_time":"2018-09-06T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14624","summary":"A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. 
The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01478,"ranking_epss":0.80943,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","https://access.redhat.com/errata/RHSA-2018:2757","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624","https://lists.debian.org/debian-lts-announce/2018/09/msg00037.html","https://pagure.io/389-ds-base/issue/49937"],"published_time":"2018-09-06T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16539","summary":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not 
readable.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00352,"ranking_epss":0.5759,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=a054156d425b4dbdaaa9fda4b5f1182b27598c2b","https://access.redhat.com/errata/RHSA-2018:3650","https://bugs.ghostscript.com/show_bug.cgi?id=699658","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.artifex.com/news/ghostscript-security-resolved/","https://www.debian.org/security/2018/dsa-4288"],"published_time":"2018-09-05T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16540","summary":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other 
impact.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00284,"ranking_epss":0.51794,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c432131c3fdb2143e148e8ba88555f7f7a63b25e","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2019:0229","https://bugs.ghostscript.com/show_bug.cgi?id=699661","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.artifex.com/news/ghostscript-security-resolved/","https://www.debian.org/security/2018/dsa-4288"],"published_time":"2018-09-05T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16541","summary":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the 
interpreter.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00454,"ranking_epss":0.6379,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=241d91112771a6104de10b3948c3f350d6690c1d","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=699664","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.artifex.com/news/ghostscript-security-resolved/","https://www.debian.org/security/2018/dsa-4288"],"published_time":"2018-09-05T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16542","summary":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the 
interpreter.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00426,"ranking_epss":0.62212,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8","http://seclists.org/oss-sec/2018/q3/182","http://www.securityfocus.com/bid/105337","https://access.redhat.com/errata/RHSA-2018:2918","https://bugs.ghostscript.com/show_bug.cgi?id=699668","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288"],"published_time":"2018-09-05T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16509","summary":"An issue was discovered in Artifex Ghostscript before 9.24. 
Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"epss":0.91758,"ranking_epss":0.99682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=5516c614dc33662a2afdc377159f70218e67bde5","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=78911a01b67d590b4a91afac2e8417360b934156","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=79cccf641486a6595c43f1de1cd7ade696020a31","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=520bb0ea7519aa3e79db78aaf0589dae02103764","http://seclists.org/oss-sec/2018/q3/142","http://www.securityfocus.com/bid/105122","https://access.redhat.com/errata/RHSA-2018:2918","https://access.redhat.com/errata/RHSA-2018:3760","https://bugs.ghostscript.com/show_bug.cgi?id=699654","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.artifex.com/news/ghostscript-security-resolved/","https://www.debian.org/security/2018/dsa-4294","https://www.exploit-db.com/exploits/45369/"],"published_time":"2018-09-05T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16511","summary":"An issue was discovered in Artifex Ghostscript before 9.24. 
A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00371,"ranking_epss":0.58862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0edd3d6c634a577db261615a9dc2719bca7f6e01","http://seclists.org/oss-sec/2018/q3/182","https://access.redhat.com/errata/RHSA-2018:3650","https://bugs.ghostscript.com/show_bug.cgi?id=699659","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.artifex.com/news/ghostscript-security-resolved/","https://www.debian.org/security/2018/dsa-4288"],"published_time":"2018-09-05T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10929","summary":"A flaw was found in RPC request using gfs2_create_req in glusterfs server. 
An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"epss":0.01681,"ranking_epss":0.82133,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","http://www.securityfocus.com/bid/107577","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10929","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10930","summary":"A flaw was found in RPC request using gfs3_rename_req in glusterfs server. 
An authenticated attacker could use this flaw to write to a destination outside the gluster volume.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.01345,"ranking_epss":0.80029,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21068/","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10926","summary":"A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. 
An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.1,"epss":0.01394,"ranking_epss":0.80344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10927","summary":"A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. 
An authenticated attacker could use this flaw to leak information and cause a remote denial of service by crashing the gluster brick process.","cvss":7.1,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":7.1,"epss":0.02697,"ranking_epss":0.85823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10928","summary":"A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. 
An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"epss":0.01652,"ranking_epss":0.81973,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10911","summary":"A flaw was found in the dic_unserialize function of glusterfs, which does not handle negative key length values. 
An attacker could use this flaw to read memory from other locations into the stored dict value.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":6.5,"epss":0.04332,"ranking_epss":0.88885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:2892","https://access.redhat.com/errata/RHSA-2018:3242","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10911","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21067/","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10913","summary":"An information disclosure vulnerability was discovered in glusterfs server. 
An attacker could issue an xattr request via glusterfs FUSE to determine the existence of any file.","cvss":3.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":3.5,"epss":0.00956,"ranking_epss":0.76391,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21071/","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10914","summary":"It was found that an attacker could issue an xattr request via glusterfs FUSE to cause the gluster brick process to crash, which will result in a remote denial of service. 
If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":5.5,"epss":0.05767,"ranking_epss":0.90444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10923","summary":"It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. 
An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.","cvss":7.6,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":7.6,"epss":0.01206,"ranking_epss":0.78927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10907","summary":"It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. 
An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"epss":0.0206,"ranking_epss":0.83863,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10907","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21070/","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T13:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10904","summary":"It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. An attacker can use this flaw to create files and execute arbitrary code. 
To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.8,"epss":0.01214,"ranking_epss":0.78989,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21072/","https://security.gentoo.org/glsa/201904-06","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:2607","https://access.redhat.com/errata/RHSA-2018:2608","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904","https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://review.gluster.org/#/c/glusterfs/+/21072/","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-09-04T13:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16435","summary":"Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to 
cmsIT8LoadFromFile.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.0045,"ranking_epss":0.63629,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3004","https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8","https://github.com/mm2/Little-CMS/issues/171","https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html","https://security.gentoo.org/glsa/202105-18","https://usn.ubuntu.com/3770-1/","https://usn.ubuntu.com/3770-2/","https://www.debian.org/security/2018/dsa-4284","https://access.redhat.com/errata/RHSA-2018:3004","https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8","https://github.com/mm2/Little-CMS/issues/171","https://lists.debian.org/debian-lts-announce/2018/09/msg00005.html","https://security.gentoo.org/glsa/202105-18","https://usn.ubuntu.com/3770-1/","https://usn.ubuntu.com/3770-2/","https://www.debian.org/security/2018/dsa-4284"],"published_time":"2018-09-04T00:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16402","summary":"libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress 
twice.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01447,"ranking_epss":0.80713,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23528","https://usn.ubuntu.com/4012-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23528","https://usn.ubuntu.com/4012-1/"],"published_time":"2018-09-03T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12825","summary":"Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. 
Successful exploitation could lead to security mitigation bypass.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.0128,"ranking_epss":0.79543,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105070","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","http://www.securityfocus.com/bid/105070","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"],"published_time":"2018-08-29T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12826","summary":"Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01972,"ranking_epss":0.83495,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"],"published_time":"2018-08-29T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12827","summary":"Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.08256,"ranking_epss":0.92205,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","https://www.exploit-db.com/exploits/45268/","http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","https://www.exploit-db.com/exploits/45268/"],"published_time":"2018-08-29T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12828","summary":"Adobe Flash Player 30.0.0.134 and earlier have a \"use of a component with a known vulnerability\" vulnerability. Successful exploitation could lead to privilege escalation.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01471,"ranking_epss":0.80888,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105071","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","http://www.securityfocus.com/bid/105071","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"],"published_time":"2018-08-29T13:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12824","summary":"Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.02337,"ranking_epss":0.84797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html","http://www.securityfocus.com/bid/105066","http://www.securitytracker.com/id/1041448","https://access.redhat.com/errata/RHSA-2018:2435","https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"],"published_time":"2018-08-29T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-16062","summary":"dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.0009,"ranking_epss":0.25712,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23541","https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9","https://usn.ubuntu.com/4012-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html","https://access.redhat.com/errata/RHSA-2019:2197","https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html","https://lists.debian.org/debian-lts-announce/2021/10/msg00030.html","https://sourceware.org/bugzilla/show_bug.cgi?id=23541","https://sourceware.org/git/?p=elfutils.git%3Ba=commit%3Bh=29e31978ba51c1051743a503ee325b5ebc03d7e9
","https://usn.ubuntu.com/4012-1/"],"published_time":"2018-08-29T03:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15396","summary":"A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01975,"ranking_epss":0.8351,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugs.icu-project.org/trac/changeset/40494","http://www.securityfocus.com/bid/101597","https://access.redhat.com/errata/RHSA-2017:3082","https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html","https://crbug.com/770452","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4020","http://bugs.icu-project.org/trac/changeset/40494","http://www.securityfocus.com/bid/101597","https://access.redhat.com/errata/RHSA-2017:3082","https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html","https://crbug.com/770452","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4020"],"published_time":"2018-08-28T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15398","summary":"A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious 
server.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.08635,"ranking_epss":0.92413,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101692","https://access.redhat.com/errata/RHSA-2017:3151","https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html","https://crbug.com/777728","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4024","http://www.securityfocus.com/bid/101692","https://access.redhat.com/errata/RHSA-2017:3151","https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html","https://crbug.com/777728","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4024"],"published_time":"2018-08-28T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15399","summary":"A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.29434,"ranking_epss":0.96583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101692","https://access.redhat.com/errata/RHSA-2017:3151","https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html","https://crbug.com/776677","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4024","http://www.securityfocus.com/bid/101692","https://access.redhat.com/errata/RHSA-2017:3151","https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html","https://crbug.com/776677","https://security.gentoo.org/glsa/201711-02","https://www.debian.org/security/2017/dsa-4024"],"published_time":"2018-08-28T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15429","summary":"Inappropriate implementation in V8 WebAssembly JS 
bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00728,"ranking_epss":0.72575,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102196","https://access.redhat.com/errata/RHSA-2017:3479","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html","https://crbug.com/788453","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2018/dsa-4103","http://www.securityfocus.com/bid/102196","https://access.redhat.com/errata/RHSA-2017:3479","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html","https://crbug.com/788453","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-08-28T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15426","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0066,"ranking_epss":0.71039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756735","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756735","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15427","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00373,"ranking_epss":0.59023,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/768910","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/768910","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15424","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain 
name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0066,"ranking_epss":0.71039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756226","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756226","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15425","summary":"Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0066,"ranking_epss":0.71039,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756456","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/756456","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15423","summary":"Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol 
traffic.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00599,"ranking_epss":0.69367,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/778101","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/778101","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15422","summary":"Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02003,"ranking_epss":0.83618,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/774382","https://security.gentoo.org/glsa/201801-03","https://usn.ubuntu.com/3610-1/","https://www.debian.org/security/2018/dsa-4150","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/774382","https://security.gentoo.org/glsa/201801-03","https://usn.ubuntu.com/3610-1/","https://www.debian.org/security/2018/dsa-4150"],"published_time":"2018-08-28T19:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15418","summary":"Use of uninitialized 
memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00659,"ranking_epss":0.71035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765858","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765858","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15419","summary":"Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0071,"ranking_epss":0.72173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/780312","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/780312","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15420","summary":"Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML 
page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00909,"ranking_epss":0.7576,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/777419","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://www.debian.org/security/2018/dsa-4103","http://www.securitytracker.com/id/1040282","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/777419","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://www.debian.org/security/2018/dsa-4103"],"published_time":"2018-08-28T19:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15417","summary":"Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.","cvss":5.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":5.3,"epss":0.00586,"ranking_epss":0.69031,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/699028","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/699028","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15416","summary":"Heap buffer 
overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00541,"ranking_epss":0.67602,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/779314","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/779314","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15415","summary":"Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00692,"ranking_epss":0.71793,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765512","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765512","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15413","summary":"Type confusion in WebAssembly in V8 in Google 
Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0087,"ranking_epss":0.75154,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/766666","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/766666","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15412","summary":"Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01943,"ranking_epss":0.83389,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040348","https://access.redhat.com/errata/RHSA-2017:3401","https://access.redhat.com/errata/RHSA-2018:0287","https://bugzilla.gnome.org/show_bug.cgi?id=783160","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/727039","https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2018/dsa-4086","http://www.securitytracker.com/id/1040348","https://access.redhat.com/errata/RHSA-2017:3401","https://access.redhat.com/errata/RHSA-2018:0287","https://bugzilla.gnome.org/show_bug.cgi?id=783160","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/727039","https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2018/dsa-4086"],"published_time":"2018-08-28T19:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15411","summary":"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF 
file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00888,"ranking_epss":0.75447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/770148","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/770148","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15410","summary":"Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00888,"ranking_epss":0.75447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765921","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/765921","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15409","summary":"Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML 
page.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0104,"ranking_epss":0.77394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/763972","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/763972","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15408","summary":"Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.0104,"ranking_epss":0.77394,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/762374","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/762374","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15407","summary":"Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious 
server.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01926,"ranking_epss":0.83325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/778505","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064","https://access.redhat.com/errata/RHSA-2017:3401","https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html","https://crbug.com/778505","https://security.gentoo.org/glsa/201801-03","https://www.debian.org/security/2017/dsa-4064"],"published_time":"2018-08-28T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15911","summary":"In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute 
code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.02697,"ranking_epss":0.85825,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f","http://www.securityfocus.com/bid/105122","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=699665","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8e9ce5016db968b40e4ec255a3005f2786cce45f","http://www.securityfocus.com/bid/105122","https://access.redhat.com/errata/RHSA-2018:3834","https://bugs.ghostscript.com/show_bug.cgi?id=699665","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928"],"published_time":"2018-08-28T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15908","summary":"In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write 
files.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00234,"ranking_epss":0.46274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0d3901189f245232f0161addf215d7268c4d05a3","https://access.redhat.com/errata/RHSA-2018:3650","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0d3901189f245232f0161addf215d7268c4d05a3","https://access.redhat.com/errata/RHSA-2018:3650","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928"],"published_time":"2018-08-27T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15909","summary":"In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute 
code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.02274,"ranking_epss":0.84608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6","http://www.securityfocus.com/bid/105178","https://access.redhat.com/errata/RHSA-2018:3650","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K24803507?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.kb.cert.org/vuls/id/332928","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0b6cd1918e1ec4ffd087400a754a845180a4522b","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e01e77a36cbb2e0277bc3a63852244bec41be0f6","http://www.securityfocus.com/bid/105178","https://access.redhat.com/errata/RHSA-2018:3650","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K24803507?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.kb.cert.org/vuls/id/332928"],"published_time":"2018-08-27T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15910","summary":"In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute 
code.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.04834,"ranking_epss":0.89489,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c3476dde7743761a4e1d39a631716199b696b880","http://www.securityfocus.com/bid/105122","https://access.redhat.com/errata/RHSA-2018:2918","https://bugs.ghostscript.com/show_bug.cgi?id=699656","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=c3476dde7743761a4e1d39a631716199b696b880","http://www.securityfocus.com/bid/105122","https://access.redhat.com/errata/RHSA-2018:2918","https://bugs.ghostscript.com/show_bug.cgi?id=699656","https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101","https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html","https://security.gentoo.org/glsa/201811-12","https://support.f5.com/csp/article/K22141757?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3768-1/","https://www.debian.org/security/2018/dsa-4288","https://www.kb.cert.org/vuls/id/332928"],"published_time":"2018-08-27T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2011-2767","summary":"mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server 
processes.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.03454,"ranking_epss":0.87479,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html","http://www.securityfocus.com/bid/105195","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2825","https://access.redhat.com/errata/RHSA-2018:2826","https://bugs.debian.org/644169","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html","http://www.securityfocus.com/bid/105195","https://access.redhat.com/errata/RHSA-2018:2737","https://access.redhat.com/errata/RHSA-2018:2825","https://access.redhat.com/errata/RHSA-2018:2826","https://bugs.debian.org/644169","https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html","https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E","https://usn.ubuntu.com/3825-1/","https://usn.ubuntu.com/3825-2/"],"published_time":"2018-08-26T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14599","summary":"An issue was discovered in libX11 through 1.6.5. 
The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01708,"ranking_epss":0.82278,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/08/21/6","http://www.securityfocus.com/bid/105177","http://www.securitytracker.com/id/1041543","https://access.redhat.com/errata/RHSA-2019:2079","https://bugzilla.suse.com/show_bug.cgi?id=1102062","https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0","https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/","https://lists.x.org/archives/xorg-announce/2018-August/002916.html","https://security.gentoo.org/glsa/201811-01","https://usn.ubuntu.com/3758-1/","https://usn.ubuntu.com/3758-2/","http://www.openwall.com/lists/oss-security/2018/08/21/6","http://www.securityfocus.com/bid/105177","http://www.securitytracker.com/id/1041543","https://access.redhat.com/errata/RHSA-2019:2079","https://bugzilla.suse.com/show_bug.cgi?id=1102062","https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0","https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGARUV66TS5OOSLR5A76BUB7SDV6GO4F/","https://lists.x.org/archives/xorg-announce/2018-August/002916.html","https://security.gentoo.org/glsa/201811-01","https://usn.ubuntu.com/3758-1/","https://usn.ubuntu.com/3758-2/"],"published_time":"2018-08-24T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10858","summary":"A heap-buffer overflow was found in the way samba clients processed extra long 
filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.","cvss":4.3,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":4.3,"epss":0.0594,"ranking_epss":0.90601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105085","http://www.securitytracker.com/id/1042002","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858","https://kc.mcafee.com/corporate/index?page=content&id=SB10284","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20180814-0001/","https://usn.ubuntu.com/3738-1/","https://www.debian.org/security/2018/dsa-4271","https://www.samba.org/samba/security/CVE-2018-10858.html","http://www.securityfocus.com/bid/105085","http://www.securitytracker.com/id/1042002","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10858","https://kc.mcafee.com/corporate/index?page=content&id=SB10284","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20180814-0001/","https://usn.ubuntu.com/3738-1/","https://www.debian.org/security/2018/dsa-4271","https://www.samba.org/samba/security/CVE-2018-10858.html"],"published_time":"2018-08-22T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1139","summary":"A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. 
A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.","cvss":5.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.4,"epss":0.0162,"ranking_epss":0.81781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105084","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1139","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20180814-0001/","https://usn.ubuntu.com/3738-1/","https://www.samba.org/samba/security/CVE-2018-1139.html","http://www.securityfocus.com/bid/105084","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1139","https://security.gentoo.org/glsa/202003-52","https://security.netapp.com/advisory/ntap-20180814-0001/","https://usn.ubuntu.com/3738-1/","https://www.samba.org/samba/security/CVE-2018-1139.html"],"published_time":"2018-08-22T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10844","summary":"It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. 
Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00184,"ranking_epss":0.40173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/","http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/"],"published_time":"2018-08-22T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10845","summary":"It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. 
Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.01038,"ranking_epss":0.77372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/","http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/"],"published_time":"2018-08-22T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10846","summary":"A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. 
An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.","cvss":5.3,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":5.3,"epss":0.00014,"ranking_epss":0.02529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/","http://www.securityfocus.com/bid/105138","https://access.redhat.com/errata/RHSA-2018:3050","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846","https://eprint.iacr.org/2018/747","https://gitlab.com/gnutls/gnutls/merge_requests/657","https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7/","https://usn.ubuntu.com/3999-1/"],"published_time":"2018-08-22T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10902","summary":"It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of 
snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00079,"ranking_epss":0.23535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105119","http://www.securitytracker.com/id/1041529","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0415","https://access.redhat.com/errata/RHSA-2019:0641","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3967","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0","https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html","https://usn.ubuntu.com/3776-1/","https://usn.ubuntu.com/3776-2/","https://usn.ubuntu.com/3847-1/","https://usn.ubuntu.com/3847-2/","https://usn.ubuntu.com/3847-3/","https://usn.ubuntu.com/3849-1/","https://usn.ubuntu.com/3849-2/","https://www.debian.org/security/2018/dsa-4308","http://www.securityfocus.com/bid/105119","http://www.securitytracker.com/id/1041529","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0415","https://access.redhat.com/errata/RHSA-2019:0641","https://access.redhat.com/errata/RHSA-2019:3217","https://access.redhat.com/errata/RHSA-2019:3967","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0","https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html","https://usn.ubuntu.com/3776-1/","https://usn.ubuntu.com/3776-2/","https://usn.ubuntu.com/3847-1/","https://usn.ubuntu.com/3847-2/","https://usn.ubuntu
.com/3847-3/","https://usn.ubuntu.com/3849-1/","https://usn.ubuntu.com/3849-2/","https://www.debian.org/security/2018/dsa-4308"],"published_time":"2018-08-21T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1517","summary":"A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.","cvss":5.9,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.9,"epss":0.00588,"ranking_epss":0.69094,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ibm.com/support/docview.wss?uid=ibm10719653","http://www.securityfocus.com/bid/105117","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://exchange.xforce.ibmcloud.com/vulnerabilities/141681","http://www.ibm.com/support/docview.wss?uid=ibm10719653","http://www.securityfocus.com/bid/105117","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://exchange.xforce.ibmcloud.com/vulnerabilities/141681"],"published_time":"2018-08-20T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1656","summary":"The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. 
IBM X-Force ID: 144882.","cvss":7.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":7.4,"epss":0.00582,"ranking_epss":0.6889,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ibm.com/support/docview.wss?uid=ibm10719653","http://www.securityfocus.com/bid/105118","http://www.securitytracker.com/id/1041765","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://exchange.xforce.ibmcloud.com/vulnerabilities/144882","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","http://www.ibm.com/support/docview.wss?uid=ibm10719653","http://www.securityfocus.com/bid/105118","http://www.securitytracker.com/id/1041765","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://exchange.xforce.ibmcloud.com/vulnerabilities/144882","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-08-20T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-5160","summary":"libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process 
listing.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00145,"ranking_epss":0.34919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2577.html","http://www.openwall.com/lists/oss-security/2017/07/21/3","https://bugs.launchpad.net/ossn/+bug/1686743","https://bugzilla.redhat.com/show_bug.cgi?id=1245647","https://wiki.openstack.org/wiki/OSSN/OSSN-0079","http://rhn.redhat.com/errata/RHSA-2016-2577.html","http://www.openwall.com/lists/oss-security/2017/07/21/3","https://bugs.launchpad.net/ossn/+bug/1686743","https://bugzilla.redhat.com/show_bug.cgi?id=1245647","https://wiki.openstack.org/wiki/OSSN/OSSN-0079"],"published_time":"2018-08-20T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-15473","summary":"OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and 
auth2-pubkey.c.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.90356,"ranking_epss":0.99601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/08/15/5","http://www.securityfocus.com/bid/105140","http://www.securitytracker.com/id/1041487","https://access.redhat.com/errata/RHSA-2019:0711","https://access.redhat.com/errata/RHSA-2019:2143","https://bugs.debian.org/906236","https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0","https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011","https://security.gentoo.org/glsa/201810-03","https://security.netapp.com/advisory/ntap-20181101-0001/","https://usn.ubuntu.com/3809-1/","https://www.debian.org/security/2018/dsa-4280","https://www.exploit-db.com/exploits/45210/","https://www.exploit-db.com/exploits/45233/","https://www.exploit-db.com/exploits/45939/","https://www.oracle.com/security-alerts/cpujan2020.html","http://www.openwall.com/lists/oss-security/2018/08/15/5","http://www.securityfocus.com/bid/105140","http://www.securitytracker.com/id/1041487","https://access.redhat.com/errata/RHSA-2019:0711","https://access.redhat.com/errata/RHSA-2019:2143","https://bugs.debian.org/906236","https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0","https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011","https://security.gentoo.org/glsa/201810-03","https://security.netapp.com/advisory/ntap-20181101-0001/","https://usn.ubuntu.com/3809-1/","https://www.debian.org/security/2018/dsa-4280","https://www.exploit-db.com/exploits/45210/","https://www.exploit-db.com/exploits/45233/","https://www.exploit-db.com/exploits/45939/"
,"https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2018-08-17T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10873","summary":"A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.","cvss":8.3,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":8.3,"epss":0.01206,"ranking_epss":0.78931,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/105152","https://access.redhat.com/errata/RHSA-2018:2731","https://access.redhat.com/errata/RHSA-2018:2732","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873","https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c","https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html","https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html","https://usn.ubuntu.com/3751-1/","https://www.debian.org/security/2018/dsa-4319","http://www.securityfocus.com/bid/105152","https://access.redhat.com/errata/RHSA-2018:2731","https://access.redhat.com/errata/RHSA-2018:2732","https://access.redhat.com/errata/RHSA-2018:3470","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873","https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c","https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html","https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html","https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html","https://usn.ubuntu.com/3751-1/","https://www.debian.org/security/2018/dsa-4319"],"published_time":"2018-08-17T12:29:00","vendor":
null,"product":null,"version":null},{"cve_id":"CVE-2018-10915","summary":"A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.","cvss":8.5,"cvss_version":3.0,"cvss_v2":6.0,"cvss_v3":8.5,"epss":0.01753,"ranking_epss":0.82522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html","http://www.securityfocus.com/bid/105054","http://www.securitytracker.com/id/1041446","https://access.redhat.com/errata/RHSA-2018:2511","https://access.redhat.com/errata/RHSA-2018:2557","https://access.redhat.com/errata/RHSA-2018:2565","https://access.redhat.com/errata/RHSA-2018:2566","https://access.redhat.com/errata/RHSA-2018:2643","https://access.redhat.com/errata/RHSA-2018:2721","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3816","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915","https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html","https://security.gentoo.org/glsa/201810-08","https://usn.ubuntu.com/3744-1/","https://www.debian.org/security/2018/dsa-4269","https://www.postgresql.org/about/news/1878/","http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html","http://www.securityfocus.com/bid/105054","http://www.securitytracker.com/id/1041446","https://access.redhat.com/errata/RHSA-2018:2511","https://access.redhat.com/errata/RHSA-2018:2557","https://access.redhat.com/errata/RHSA-2018:2565","https:
//access.redhat.com/errata/RHSA-2018:2566","https://access.redhat.com/errata/RHSA-2018:2643","https://access.redhat.com/errata/RHSA-2018:2721","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3816","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10915","https://lists.debian.org/debian-lts-announce/2018/08/msg00012.html","https://security.gentoo.org/glsa/201810-08","https://usn.ubuntu.com/3744-1/","https://www.debian.org/security/2018/dsa-4269","https://www.postgresql.org/about/news/1878/"],"published_time":"2018-08-09T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5390","summary":"Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"epss":0.11423,"ranking_epss":0.93553,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/07/06/3","http://www.openwall.com/lists/oss-security/2019/07/06/4","http://www.securityfocus.com/bid/104976","http://www.securitytracker.com/id/1041424","http://www.securitytracker.com/id/1041434","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018:2402","https://access.redhat.com/errata/RHSA-2018:2403","https://access.redhat.com/errata/RHSA-2018:2645","https://access.redhat.com/errata/RHSA-2018:2776","https://access.redhat.com/errata/RHSA-2018:2785","https://access.redhat.com/errata/RHSA-2018:2789","https://access.redhat.com/errata/RHSA-2018:2790","https://access.redhat.com/errata/RHSA-2018:2791","https://access.r
edhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:2948","https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf","https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html","https://security.netapp.com/advisory/ntap-20180815-0003/","https://support.f5.com/csp/article/K95343321","https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp","https://usn.ubuntu.com/3732-1/","https://usn.ubuntu.com/3732-2/","https://usn.ubuntu.com/3741-1/","https://usn.ubuntu.com/3741-2/","https://usn.ubuntu.com/3742-1/","https://usn.ubuntu.com/3742-2/","https://usn.ubuntu.com/3763-1/","https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack","https://www.debian.org/security/2018/dsa-4266","https://www.kb.cert.org/vuls/id/962459","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.synology.com/support/security/Synology_SA_18_41","http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en","http://www.openwall.com/lists/oss-security/2019/06/28/2","http://www.openwall.com/lists/oss-security/2019/07/06/3","http://www.openwall.com/lists/oss-security/2019/07/06/4","http://www.securityfocus.com/bid/104976","http://www.securitytracker.com/id/1041424","http://www.securitytracker.com/id/1041434","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018
:2402","https://access.redhat.com/errata/RHSA-2018:2403","https://access.redhat.com/errata/RHSA-2018:2645","https://access.redhat.com/errata/RHSA-2018:2776","https://access.redhat.com/errata/RHSA-2018:2785","https://access.redhat.com/errata/RHSA-2018:2789","https://access.redhat.com/errata/RHSA-2018:2790","https://access.redhat.com/errata/RHSA-2018:2791","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:2948","https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf","https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html","https://security.netapp.com/advisory/ntap-20180815-0003/","https://support.f5.com/csp/article/K95343321","https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp","https://usn.ubuntu.com/3732-1/","https://usn.ubuntu.com/3732-2/","https://usn.ubuntu.com/3741-1/","https://usn.ubuntu.com/3741-2/","https://usn.ubuntu.com/3742-1/","https://usn.ubuntu.com/3742-2/","https://usn.ubuntu.com/3763-1/","https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack","https://www.debian.org/security/2018/dsa-4266","https://www.kb.cert.org/vuls/id/962459","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.synology.com/support/security/Synology_SA_18_41"],"published_time":"2018-08-06T20:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1336","summary":"An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an 
infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.18551,"ranking_epss":0.95231,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E","http://www.securityfocus.com/bid/104898","http://www.securitytracker.com/id/1041375","https://access.redhat.com/errata/RHEA-2018:2188","https://access.redhat.com/errata/RHEA-2018:2189","https://access.redhat.com/errata/RHSA-2018:2700","https://access.redhat.com/errata/RHSA-2018:2701","https://access.redhat.com/errata/RHSA-2018:2740","https://access.redhat.com/errata/RHSA-2018:2741","https://access.redhat.com/errata/RHSA-2018:2742","https://access.redhat.com/errata/RHSA-2018:2743","https://access.redhat.com/errata/RHSA-2018:2921","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2018:2939","https://access.redhat.com/errata/RHSA-2018:2945","https://access.redhat.com/errata/RHSA-2018:3768","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312
a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","https://security.netapp.com/advisory/ntap-20180817-0001/","https://support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3723-1/","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html","http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E","http://www.securityfocus.com/bid/104898","http://www.securitytracker.com/id/1041375","https://access.redhat.com/errata/RHEA-2018:2188","https://access.redhat.com/errata/RHEA-2018:2189","https://access.redhat.com/errata/RHSA-2018:2700","https://access.redhat.com/errata/RHSA-2018:2701","https://access.
redhat.com/errata/RHSA-2018:2740","https://access.redhat.com/errata/RHSA-2018:2741","https://access.redhat.com/errata/RHSA-2018:2742","https://access.redhat.com/errata/RHSA-2018:2743","https://access.redhat.com/errata/RHSA-2018:2921","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2018:2939","https://access.redhat.com/errata/RHSA-2018:2945","https://access.redhat.com/errata/RHSA-2018:3768","https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r48c1444845fe15
a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html","https://security.netapp.com/advisory/ntap-20180817-0001/","https://support.f5.com/csp/article/K73008537?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3723-1/","https://www.debian.org/security/2018/dsa-4281","https://www.oracle.com/security-alerts/cpuapr2020.html"],"published_time":"2018-08-02T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2015-9262","summary":"_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap 
overflow.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03049,"ranking_epss":0.86648,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3059","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.freedesktop.org/show_bug.cgi?id=90857","https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05","https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html","https://usn.ubuntu.com/3729-1/","https://access.redhat.com/errata/RHSA-2018:3059","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.freedesktop.org/show_bug.cgi?id=90857","https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=897213f36baf6926daf6d192c709cf627aa5fd05","https://lists.debian.org/debian-lts-announce/2018/08/msg00016.html","https://usn.ubuntu.com/3729-1/"],"published_time":"2018-08-01T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9583","summary":"An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted 
input.","cvss":5.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":5.5,"epss":0.00318,"ranking_epss":0.5486,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/94925","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583","https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d","https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","http://www.securityfocus.com/bid/94925","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583","https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d","https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"published_time":"2018-08-01T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10897","summary":"A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. 
Version 1.1.31 and older are believed to be affected.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.02619,"ranking_epss":0.85603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1041594","https://access.redhat.com/errata/RHSA-2018:2284","https://access.redhat.com/errata/RHSA-2018:2285","https://access.redhat.com/errata/RHSA-2018:2626","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897","https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c","https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c","https://github.com/rpm-software-management/yum-utils/pull/43","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","http://www.securitytracker.com/id/1041594","https://access.redhat.com/errata/RHSA-2018:2284","https://access.redhat.com/errata/RHSA-2018:2285","https://access.redhat.com/errata/RHSA-2018:2626","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897","https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c","https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c","https://github.com/rpm-software-management/yum-utils/pull/43","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"],"published_time":"2018-08-01T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-8654","summary":"A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. 
jasper versions before 2.0.0 are affected.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00234,"ranking_epss":0.46221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/94583","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654","https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a","https://github.com/mdadams/jasper/issues/93","https://github.com/mdadams/jasper/issues/94","https://www.debian.org/security/2017/dsa-3785","http://www.securityfocus.com/bid/94583","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8654","https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a","https://github.com/mdadams/jasper/issues/93","https://github.com/mdadams/jasper/issues/94","https://www.debian.org/security/2017/dsa-3785"],"published_time":"2018-08-01T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9579","summary":"A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. 
Ceph branches 1.3.x and 2.x are affected.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":6.5,"epss":0.18013,"ranking_epss":0.95142,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2954.html","http://rhn.redhat.com/errata/RHSA-2016-2956.html","http://rhn.redhat.com/errata/RHSA-2016-2994.html","http://rhn.redhat.com/errata/RHSA-2016-2995.html","http://tracker.ceph.com/issues/18187","http://www.securityfocus.com/bid/94936","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579","http://rhn.redhat.com/errata/RHSA-2016-2954.html","http://rhn.redhat.com/errata/RHSA-2016-2956.html","http://rhn.redhat.com/errata/RHSA-2016-2994.html","http://rhn.redhat.com/errata/RHSA-2016-2995.html","http://tracker.ceph.com/issues/18187","http://www.securityfocus.com/bid/94936","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579"],"published_time":"2018-08-01T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-8635","summary":"It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. 
An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.3,"epss":0.00415,"ranking_epss":0.61595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2779.html","http://www.securityfocus.com/bid/94346","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635","https://security.gentoo.org/glsa/201701-46","http://rhn.redhat.com/errata/RHSA-2016-2779.html","http://www.securityfocus.com/bid/94346","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635","https://security.gentoo.org/glsa/201701-46"],"published_time":"2018-08-01T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9573","summary":"An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the 
heap.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":6.5,"epss":0.01059,"ranking_epss":0.77588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0838.html","http://www.securityfocus.com/bid/97073","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573","https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d","https://github.com/uclouvain/openjpeg/issues/862","https://security.gentoo.org/glsa/201710-26","https://www.debian.org/security/2017/dsa-3768","http://rhn.redhat.com/errata/RHSA-2017-0838.html","http://www.securityfocus.com/bid/97073","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573","https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d","https://github.com/uclouvain/openjpeg/issues/862","https://security.gentoo.org/glsa/201710-26","https://www.debian.org/security/2017/dsa-3768"],"published_time":"2018-08-01T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-8626","summary":"A flaw was found in Red Hat Ceph before 0.94.9-8. 
The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"epss":0.02873,"ranking_epss":0.86229,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2815.html","http://rhn.redhat.com/errata/RHSA-2016-2816.html","http://rhn.redhat.com/errata/RHSA-2016-2847.html","http://rhn.redhat.com/errata/RHSA-2016-2848.html","http://tracker.ceph.com/issues/17635","http://www.securityfocus.com/bid/94488","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626","http://rhn.redhat.com/errata/RHSA-2016-2815.html","http://rhn.redhat.com/errata/RHSA-2016-2816.html","http://rhn.redhat.com/errata/RHSA-2016-2847.html","http://rhn.redhat.com/errata/RHSA-2016-2848.html","http://tracker.ceph.com/issues/17635","http://www.securityfocus.com/bid/94488","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626"],"published_time":"2018-07-31T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10883","summary":"A flaw was found in the Linux kernel's ext4 filesystem. 
A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.","cvss":4.8,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.8,"epss":0.0005,"ranking_epss":0.15493,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://support.f5.com/csp/article/K94735334?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","https://usn.ubuntu.com/3879-1/","https://usn.ubuntu.com/3879-2/","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://support.f5.com/csp/article/K94735334?utm_source=f5support&amp%3Butm_medium=RSS","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","https://usn.ubuntu.com/3879-1/","https://usn.ubuntu.com/3879-2/"],"published_time":"2018-07-30
T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7518","summary":"A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.5,"epss":0.0009,"ranking_epss":0.25722,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2017/06/23/5","http://www.securityfocus.com/bid/99263","http://www.securitytracker.com/id/1038782","https://access.redhat.com/articles/3290921","https://access.redhat.com/errata/RHSA-2018:0395","https://access.redhat.com/errata/RHSA-2018:0412","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3754-1/","https://www.debian.org/security/2017/dsa-3981","https://www.spinics.net/lists/kvm/msg151817.html","http://www.openwall.com/lists/oss-security/2017/06/23/5","http://www.securityfocus.com/bid/99263","http://www.securitytracker.com/id/1038782","https://access.redhat.com/articles/3290921","https://access.redhat.com/errata/RHSA-2018:0395","https://access.redhat.com/errata/RHSA-2018:0412","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3754-1/","https://www.debian.org/security/2017/dsa-3981","https://www.spinics.net/lists/kvm/msg151817.html"],"published_time":"2018-07-30T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14679","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. 
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00915,"ranking_epss":0.75844,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904802","https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260","http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904802","https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260"],"published_time":"2018-07-28T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14680","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. 
It does not reject blank CHM filenames.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02922,"ranking_epss":0.86352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904801","https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260","http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904801","https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260"],"published_time":"2018-07-28T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14681","summary":"An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. 
Bad KWAJ file header extensions could cause a one or two byte overwrite.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.04428,"ranking_epss":0.89001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904799","https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260","http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904799","https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260"],"published_time":"2018-07-28T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14682","summary":"An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. 
There is an off-by-one error in the TOLOWER() macro for CHM decompression.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.04428,"ranking_epss":0.89001,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904800","https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260","http://www.openwall.com/lists/oss-security/2018/07/26/1","http://www.securitytracker.com/id/1041410","https://access.redhat.com/errata/RHSA-2018:3327","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.debian.org/904800","https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8","https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html","https://security.gentoo.org/glsa/201903-20","https://usn.ubuntu.com/3728-1/","https://usn.ubuntu.com/3728-2/","https://usn.ubuntu.com/3728-3/","https://usn.ubuntu.com/3789-2/","https://www.debian.org/security/2018/dsa-4260"],"published_time":"2018-07-28T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9578","summary":"A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. 
An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.03335,"ranking_epss":0.87257,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0253.html","http://rhn.redhat.com/errata/RHSA-2017-0549.html","http://www.securityfocus.com/bid/96118","https://access.redhat.com/errata/RHSA-2017:0254","https://access.redhat.com/errata/RHSA-2017:0552","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578","https://www.debian.org/security/2017/dsa-3790","http://rhn.redhat.com/errata/RHSA-2017-0253.html","http://rhn.redhat.com/errata/RHSA-2017-0549.html","http://www.securityfocus.com/bid/96118","https://access.redhat.com/errata/RHSA-2017:0254","https://access.redhat.com/errata/RHSA-2017:0552","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9578","https://www.debian.org/security/2017/dsa-3790"],"published_time":"2018-07-27T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9603","summary":"A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. 
A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.","cvss":5.5,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":5.5,"epss":0.01587,"ranking_epss":0.81574,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/96893","http://www.securitytracker.com/id/1038023","https://access.redhat.com/errata/RHSA-2017:0980","https://access.redhat.com/errata/RHSA-2017:0981","https://access.redhat.com/errata/RHSA-2017:0982","https://access.redhat.com/errata/RHSA-2017:0983","https://access.redhat.com/errata/RHSA-2017:0984","https://access.redhat.com/errata/RHSA-2017:0985","https://access.redhat.com/errata/RHSA-2017:0987","https://access.redhat.com/errata/RHSA-2017:0988","https://access.redhat.com/errata/RHSA-2017:1205","https://access.redhat.com/errata/RHSA-2017:1206","https://access.redhat.com/errata/RHSA-2017:1441","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603","https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://security.gentoo.org/glsa/201706-03","https://support.citrix.com/article/CTX221578","http://www.securityfocus.com/bid/96893","http://www.securitytracker.com/id/1038023","https://access.redhat.com/errata/RHSA-2017:0980","https://access.redhat.com/errata/RHSA-2017:0981","https://access.redhat.com/errata/RHSA-2017:0982","https://access.redhat.com/errata/RHSA-2017:0983","https://access.redhat.com/errata/RHSA-2017:0984","https://access.redhat.com/errata/RHSA-2017:0985","https://access.redhat.com/errata/RHSA-2017:0987","https://access.redhat.com/errata/RHSA-2017:0988","https://access.redhat.com/errata/RHSA-2017:1205","https://access.redhat.com/errata/RHSA-2017:1206","https://access.redhat.com/errata/RHSA-2017:1441","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9603","https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://security.gentoo.org/glsa/201706-03","https://support.citrix.com/article/CTX221578"],"published_time":"2018-07-27T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9577","summary":"A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.","cvss":7.5,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":7.5,"epss":0.03672,"ranking_epss":0.87866,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0253.html","http://rhn.redhat.com/errata/RHSA-2017-0549.html","http://www.securityfocus.com/bid/96040","https://access.redhat.com/errata/RHSA-2017:0254","https://access.redhat.com/errata/RHSA-2017:0552","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577","https://www.debian.org/security/2017/dsa-3790","http://rhn.redhat.com/errata/RHSA-2017-0253.html","http://rhn.redhat.com/errata/RHSA-2017-0549.html","http://www.securityfocus.com/bid/96040","https://access.redhat.com/errata/RHSA-2017:0254","https://access.redhat.com/errata/RHSA-2017:0552","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9577","https://www.debian.org/security/2017/dsa-3790"],"published_time":"2018-07-27T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15097","summary":"Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. 
An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.","cvss":6.5,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.5,"epss":0.00039,"ranking_epss":0.11887,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1039983","https://access.redhat.com/errata/RHSA-2017:3402","https://access.redhat.com/errata/RHSA-2017:3403","https://access.redhat.com/errata/RHSA-2017:3404","https://access.redhat.com/errata/RHSA-2017:3405","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097","http://www.securitytracker.com/id/1039983","https://access.redhat.com/errata/RHSA-2017:3402","https://access.redhat.com/errata/RHSA-2017:3403","https://access.redhat.com/errata/RHSA-2017:3404","https://access.redhat.com/errata/RHSA-2017:3405","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"],"published_time":"2018-07-27T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15101","summary":"A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.8,"epss":0.00316,"ranking_epss":0.54684,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3384","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101","https://access.redhat.com/errata/RHSA-2017:3384","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101"],"published_time":"2018-07-27T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2616","summary":"A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. 
A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":5.5,"epss":0.00062,"ranking_epss":0.19452,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0654.html","http://www.securityfocus.com/bid/96404","http://www.securitytracker.com/id/1038271","https://access.redhat.com/errata/RHSA-2017:0907","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616","https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891","https://security.gentoo.org/glsa/201706-02","https://www.debian.org/security/2017/dsa-3793","http://rhn.redhat.com/errata/RHSA-2017-0654.html","http://www.securityfocus.com/bid/96404","http://www.securitytracker.com/id/1038271","https://access.redhat.com/errata/RHSA-2017:0907","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616","https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891","https://security.gentoo.org/glsa/201706-02","https://www.debian.org/security/2017/dsa-3793"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2618","summary":"A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. 
An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.0005,"ranking_epss":0.15735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/96272","https://access.redhat.com/errata/RHSA-2017:0931","https://access.redhat.com/errata/RHSA-2017:0932","https://access.redhat.com/errata/RHSA-2017:0933","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125","https://marc.info/?l=selinux&m=148588165923772&w=2","https://www.debian.org/security/2017/dsa-3791","http://www.securityfocus.com/bid/96272","https://access.redhat.com/errata/RHSA-2017:0931","https://access.redhat.com/errata/RHSA-2017:0932","https://access.redhat.com/errata/RHSA-2017:0933","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125","https://marc.info/?l=selinux&m=148588165923772&w=2","https://www.debian.org/security/2017/dsa-3791"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2620","summary":"Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. 
A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.","cvss":5.5,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":5.5,"epss":0.0241,"ranking_epss":0.85038,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0328.html","http://rhn.redhat.com/errata/RHSA-2017-0329.html","http://rhn.redhat.com/errata/RHSA-2017-0330.html","http://rhn.redhat.com/errata/RHSA-2017-0331.html","http://rhn.redhat.com/errata/RHSA-2017-0332.html","http://rhn.redhat.com/errata/RHSA-2017-0333.html","http://rhn.redhat.com/errata/RHSA-2017-0334.html","http://rhn.redhat.com/errata/RHSA-2017-0350.html","http://rhn.redhat.com/errata/RHSA-2017-0351.html","http://rhn.redhat.com/errata/RHSA-2017-0352.html","http://rhn.redhat.com/errata/RHSA-2017-0396.html","http://rhn.redhat.com/errata/RHSA-2017-0454.html","http://www.openwall.com/lists/oss-security/2017/02/21/1","http://www.securityfocus.com/bid/96378","http://www.securitytracker.com/id/1037870","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620","https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html","https://security.gentoo.org/glsa/201703-07","https://security.gentoo.org/glsa/201704-01","https://support.citrix.com/article/CTX220771","https://xenbits.xen.org/xsa/advisory-209.html","http://rhn.redhat.com/errata/RHSA-2017-0328.html","http://rhn.redhat.com/errata/RHSA-2017-0329.html","http://rhn.redhat.com/errata/RHSA-2017-0330.html","http://rhn.redhat.com/errata/RHSA-2017-0331.html","http://rhn.redhat.com/errata/RHSA-2017-0332.html","http://rhn.redhat.com/errata/RHSA-2017-0333.html","http://rhn.redhat.com/errata/RHSA-2017-0334.html","http://rhn.redhat.com/errata/RHSA-2017-0350.html","http://rhn.redhat.com/errata/RHSA-2017-0351.html","http://rhn.redhat.com/errata/RHSA-2017-0352.html","http://rhn.redhat.com/errata/RHSA-2017-0396.html","http://rhn.redhat.com/errata/RHSA-2017-0454.html","http://www.openwall.com/lists/oss-security/2017/02/21/1","http://www.securityfocus.com/bid/96378","http://www.securitytracker.com/id/1037870","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620","https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html","https://security.gentoo.org/glsa/201703-07","https://security.gentoo.org/glsa/201704-01","https://support.citrix.com/article/CTX220771","https://xenbits.xen.org/xsa/advisory-209.html"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2626","summary":"It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process 
list.","cvss":5.2,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.2,"epss":0.00098,"ranking_epss":0.2705,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2019/07/14/3","http://www.securityfocus.com/bid/96480","http://www.securitytracker.com/id/1037919","https://access.redhat.com/errata/RHSA-2017:1865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626","https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b","https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html","https://security.gentoo.org/glsa/201704-03","https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/","http://www.openwall.com/lists/oss-security/2019/07/14/3","http://www.securityfocus.com/bid/96480","http://www.securitytracker.com/id/1037919","https://access.redhat.com/errata/RHSA-2017:1865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626","https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b","https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html","https://security.gentoo.org/glsa/201704-03","https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2633","summary":"An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. 
A user inside a guest could use this flaw to crash the QEMU process.","cvss":5.4,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":5.4,"epss":0.00558,"ranking_epss":0.68182,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2017/02/23/1","http://www.securityfocus.com/bid/96417","https://access.redhat.com/errata/RHSA-2017:1205","https://access.redhat.com/errata/RHSA-2017:1206","https://access.redhat.com/errata/RHSA-2017:1441","https://access.redhat.com/errata/RHSA-2017:1856","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef","http://www.openwall.com/lists/oss-security/2017/02/23/1","http://www.securityfocus.com/bid/96417","https://access.redhat.com/errata/RHSA-2017:1205","https://access.redhat.com/errata/RHSA-2017:1206","https://access.redhat.com/errata/RHSA-2017:1441","https://access.redhat.com/errata/RHSA-2017:1856","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=9f64916da20eea67121d544698676295bbb105a7","https://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=bea60dd7679364493a0d7f5b54316c767cf894ef"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2634","summary":"It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. 
A remote attacker could use this flaw to crash the system.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.8,"cvss_v3":7.5,"epss":0.03662,"ranking_epss":0.87851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0323.html","http://rhn.redhat.com/errata/RHSA-2017-0346.html","http://rhn.redhat.com/errata/RHSA-2017-0347.html","http://www.securityfocus.com/bid/96529","http://www.securitytracker.com/id/1037909","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51","http://rhn.redhat.com/errata/RHSA-2017-0323.html","http://rhn.redhat.com/errata/RHSA-2017-0346.html","http://rhn.redhat.com/errata/RHSA-2017-0347.html","http://www.securityfocus.com/bid/96529","http://www.securitytracker.com/id/1037909","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51"],"published_time":"2018-07-27T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2590","summary":"A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. 
An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":8.1,"epss":0.00177,"ranking_epss":0.39243,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0388.html","http://www.securityfocus.com/bid/96557","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590","http://rhn.redhat.com/errata/RHSA-2017-0388.html","http://www.securityfocus.com/bid/96557","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590"],"published_time":"2018-07-27T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2625","summary":"It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' 
sessions.","cvss":6.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.5,"epss":0.00077,"ranking_epss":0.2308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/96480","http://www.securitytracker.com/id/1037919","https://access.redhat.com/errata/RHSA-2017:1865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625","https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f","https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html","https://security.gentoo.org/glsa/201704-03","https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/","http://www.securityfocus.com/bid/96480","http://www.securitytracker.com/id/1037919","https://access.redhat.com/errata/RHSA-2017:1865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625","https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f","https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html","https://security.gentoo.org/glsa/201704-03","https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"],"published_time":"2018-07-27T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2640","summary":"An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. 
A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.5,"epss":0.00952,"ranking_epss":0.7635,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/96775","https://access.redhat.com/errata/RHSA-2017:1854","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640","https://security.gentoo.org/glsa/201706-10","https://www.debian.org/security/2017/dsa-3806","http://www.securityfocus.com/bid/96775","https://access.redhat.com/errata/RHSA-2017:1854","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2640","https://security.gentoo.org/glsa/201706-10","https://www.debian.org/security/2017/dsa-3806"],"published_time":"2018-07-27T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-12173","summary":"It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. 
In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"epss":0.00447,"ranking_epss":0.63497,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:3379","https://access.redhat.com/errata/RHSA-2018:1877","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173","https://access.redhat.com/errata/RHSA-2017:3379","https://access.redhat.com/errata/RHSA-2018:1877","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173"],"published_time":"2018-07-27T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-18344","summary":"The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). 
This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.119,"ranking_epss":0.93716,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104909","http://www.securitytracker.com/id/1041414","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2018:3459","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://access.redhat.com/errata/RHSA-2018:3591","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8","https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe","https://usn.ubuntu.com/3742-1/","https://usn.ubuntu.com/3742-2/","https://www.exploit-db.com/exploits/45175/","http://www.securityfocus.com/bid/104909","http://www.securitytracker.com/id/1041414","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2018:3459","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://access.redhat.com/errata/RHSA-2018:3591","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8","https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe","https://usn.ubuntu.com/3742-1/","https://usn.ubuntu.com/3742-2/","https://www.exploit-db.com/exploits/45175/"],"published_time":"2018-07-26T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-12150","summary":"It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x 
before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"epss":0.19902,"ranking_epss":0.95432,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100918","http://www.securitytracker.com/id/1039401","https://access.redhat.com/errata/RHSA-2017:2789","https://access.redhat.com/errata/RHSA-2017:2790","https://access.redhat.com/errata/RHSA-2017:2791","https://access.redhat.com/errata/RHSA-2017:2858","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us","https://security.netapp.com/advisory/ntap-20170921-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us","https://www.debian.org/security/2017/dsa-3983","https://www.samba.org/samba/security/CVE-2017-12150.html","http://www.securityfocus.com/bid/100918","http://www.securitytracker.com/id/1039401","https://access.redhat.com/errata/RHSA-2017:2789","https://access.redhat.com/errata/RHSA-2017:2790","https://access.redhat.com/errata/RHSA-2017:2791","https://access.redhat.com/errata/RHSA-2017:2858","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us","https://security.netapp.com/advisory/ntap-20170921-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us","https://www.debian.org/security/2017/dsa-3983","https://www.samba.org/samba/security/CVE-2017-12150.html"],"published_time":"2018-07-26T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10878","summary":"A flaw was found in the Linux kernel's ext4 filesystem. 
A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.","cvss":4.8,"cvss_version":3.0,"cvss_v2":6.1,"cvss_v3":4.8,"epss":0.00053,"ranking_epss":0.16885,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://patchwork.ozlabs.org/patch/929237/","http://patchwork.ozlabs.org/patch/929238/","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","http://patchwork.ozlabs.org/patch/929237/","http://patchwork.ozlabs.org/patch/929238/","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199865","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/"],"published_time":"2018-07-26T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10879","summary":"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.","cvss":4.2,"cvss_version":3.0,"cvss_v2":6.1,"cvss_v3":4.2,"epss":0.00033,"ranking_epss":0.09603,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://patchwork.ozlabs.org/patch/928666/","http://patchwork.ozlabs.org/patch/928667/","http://www.securityfocus.com/bid/104902","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=200001","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/","http://patchwork.ozlabs.org/patch/928666/","http://patchwork.ozlabs.org/patch/928667/","http://www.securityfocus.com/bid/104902","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=200001","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3871-1/","https://usn.ubuntu.com/3871-3/","https://usn.ubuntu.com/3871-4/","https://usn.ubuntu.com/3871-5/"],"published_time":"2018-07-26T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10881","summary":"A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.","cvss":4.2,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.2,"epss":0.00049,"ranking_epss":0.1518,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://patchwork.ozlabs.org/patch/929792/","http://www.securityfocus.com/bid/104901","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=200015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3754-1/","http://patchwork.ozlabs.org/patch/929792/","http://www.securityfocus.com/bid/104901","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=200015","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3754-1/"],"published_time":"2018-07-26T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-12171","summary":"A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":6.5,"epss":0.01543,"ranking_epss":0.81338,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101516","http://www.securitytracker.com/id/1039633","https://access.redhat.com/errata/RHSA-2017:2972","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171","http://www.securityfocus.com/bid/101516","http://www.securitytracker.com/id/1039633","https://access.redhat.com/errata/RHSA-2017:2972","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171"],"published_time":"2018-07-26T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10901","summary":"A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. 
An attacker can use this to escalate their privileges.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.0016,"ranking_epss":0.37025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104905","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2391","https://access.redhat.com/errata/RHSA-2018:2392","https://access.redhat.com/errata/RHSA-2018:2393","https://access.redhat.com/errata/RHSA-2018:2394","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","http://www.securityfocus.com/bid/104905","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2391","https://access.redhat.com/errata/RHSA-2018:2392","https://access.redhat.com/errata/RHSA-2018:2393","https://access.redhat.com/errata/RHSA-2018:2394","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-07-26T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-12163","summary":"An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. 
A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.","cvss":4.1,"cvss_version":3.0,"cvss_v2":4.8,"cvss_v3":4.1,"epss":0.41375,"ranking_epss":0.97384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100925","http://www.securitytracker.com/id/1039401","https://access.redhat.com/errata/RHSA-2017:2789","https://access.redhat.com/errata/RHSA-2017:2790","https://access.redhat.com/errata/RHSA-2017:2791","https://access.redhat.com/errata/RHSA-2017:2858","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us","https://security.netapp.com/advisory/ntap-20170921-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us","https://www.debian.org/security/2017/dsa-3983","https://www.samba.org/samba/security/CVE-2017-12163.html","https://www.synology.com/support/security/Synology_SA_17_57_Samba","http://www.securityfocus.com/bid/100925","http://www.securitytracker.com/id/1039401","https://access.redhat.com/errata/RHSA-2017:2789","https://access.redhat.com/errata/RHSA-2017:2790","https://access.redhat.com/errata/RHSA-2017:2791","https://access.redhat.com/errata/RHSA-2017:2858","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163","https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us","https://security.netapp.com/advisory/ntap-20170921-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us","https://www.debian.org/security/2017/dsa-3983","https://www.samba.org/samba/security/CVE-2017-12163.html","https://www.synology.com/support/security/Synology_SA_17_57_Samba"],"published_time":"2018-07-26T16:29:00","vendor":null,"product":null,"
version":null},{"cve_id":"CVE-2017-7562","summary":"An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00429,"ranking_epss":0.62455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100511","https://access.redhat.com/errata/RHSA-2018:0666","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562","https://github.com/krb5/krb5/pull/694","https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196","https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2","https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d","http://www.securityfocus.com/bid/100511","https://access.redhat.com/errata/RHSA-2018:0666","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562","https://github.com/krb5/krb5/pull/694","https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196","https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2","https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d"],"published_time":"2018-07-26T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7537","summary":"It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. 
An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.","cvss":5.9,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.9,"epss":0.00125,"ranking_epss":0.31883,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:2335","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537","https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9","https://access.redhat.com/errata/RHSA-2017:2335","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7537","https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9"],"published_time":"2018-07-26T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-13988","summary":"Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. 
This may be exploitable when a victim opens a specially crafted PDF file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00841,"ranking_epss":0.74693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988","https://bugzilla.redhat.com/show_bug.cgi?id=1602838","https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://usn.ubuntu.com/3757-1/","http://packetstormsecurity.com/files/148661/PDFunite-0.62.0-Buffer-Overflow.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-13988","https://bugzilla.redhat.com/show_bug.cgi?id=1602838","https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://usn.ubuntu.com/3757-1/"],"published_time":"2018-07-25T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10906","summary":"In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. 
An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.","cvss":5.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":5.3,"epss":0.00054,"ranking_epss":0.17108,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3324","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906","https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/","https://www.debian.org/security/2018/dsa-4257","https://www.exploit-db.com/exploits/45106/","https://access.redhat.com/errata/RHSA-2018:3324","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906","https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/","https://www.debian.org/security/2018/dsa-4257","https://www.exploit-db.com/exploits/45106/"],"published_time":"2018-07-24T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5007","summary":"Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. 
Successful exploitation could lead to arbitrary code execution in the context of the current user.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01117,"ranking_epss":0.78184,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104698","http://www.securitytracker.com/id/1041248","https://access.redhat.com/errata/RHSA-2018:2175","https://helpx.adobe.com/security/products/flash-player/apsb18-24.html","http://www.securityfocus.com/bid/104698","http://www.securitytracker.com/id/1041248","https://access.redhat.com/errata/RHSA-2018:2175","https://helpx.adobe.com/security/products/flash-player/apsb18-24.html"],"published_time":"2018-07-20T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5008","summary":"Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0196,"ranking_epss":0.83455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104698","http://www.securitytracker.com/id/1041248","https://access.redhat.com/errata/RHSA-2018:2175","https://helpx.adobe.com/security/products/flash-player/apsb18-24.html","http://www.securityfocus.com/bid/104698","http://www.securitytracker.com/id/1041248","https://access.redhat.com/errata/RHSA-2018:2175","https://helpx.adobe.com/security/products/flash-player/apsb18-24.html"],"published_time":"2018-07-20T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3066","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).","cvss":3.3,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":3.3,"epss":0.00139,"ranking_epss":0.34137,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104766","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104766","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-07-18T13:29:08","vendor":null,"product":null,"version":null},{"cve_id
":"CVE-2018-3081","summary":"Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).","cvss":5.0,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.0,"epss":0.00118,"ranking_epss":0.30831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104779","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104779","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.d
ebian.org/security/2018/dsa-4341"],"published_time":"2018-07-18T13:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3058","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"epss":0.0016,"ranking_epss":0.36994,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104766","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104766","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://access.redhat.com/errata/RHSA-2019:2327","https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/adv
isory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-07-18T13:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2973","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.0016,"ranking_epss":0.3703,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104773","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redhat.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104773","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redhat.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA
-2018:3008","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us"],"published_time":"2018-07-18T13:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2940","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00271,"ranking_epss":0.50523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104768","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redhat.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104768","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redhat.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RH
SA-2018:3008","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us"],"published_time":"2018-07-18T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2952","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00073,"ranking_epss":0.22321,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104765","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2241","https://access.redhat.com/errata/RHSA-2018:2242","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redhat.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2283","https://access.redhat.com/errata/RHSA-2018:2286","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us","https://usn.ubuntu.com/3734-1/","https://usn.ubuntu.com/3735-1/","https://usn.ubuntu.com/3747-1/","https://www.debian.org/security/2018/dsa-4268","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/104765","http://www.securitytracker.com/id/1041302","https://access.redhat.com/errata/RHSA-2018:2241","https://access.redhat.com/errata/RHSA-2018:2242","https://access.redhat.com/errata/RHSA-2018:2253","https://access.redh
at.com/errata/RHSA-2018:2254","https://access.redhat.com/errata/RHSA-2018:2255","https://access.redhat.com/errata/RHSA-2018:2256","https://access.redhat.com/errata/RHSA-2018:2283","https://access.redhat.com/errata/RHSA-2018:2286","https://access.redhat.com/errata/RHSA-2018:2568","https://access.redhat.com/errata/RHSA-2018:2569","https://access.redhat.com/errata/RHSA-2018:2575","https://access.redhat.com/errata/RHSA-2018:2576","https://access.redhat.com/errata/RHSA-2018:2712","https://access.redhat.com/errata/RHSA-2018:2713","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html","https://security.netapp.com/advisory/ntap-20180726-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03882en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03928en_us","https://usn.ubuntu.com/3734-1/","https://usn.ubuntu.com/3735-1/","https://usn.ubuntu.com/3747-1/","https://www.debian.org/security/2018/dsa-4268"],"published_time":"2018-07-18T13:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2767","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).","cvss":3.1,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":3.1,"epss":0.00421,"ranking_epss":0.61957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/103954","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.securityfocus.com/bid/103954","http://www.securitytracker.com/id/1041294","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html","https://security.netapp.com/advisory/ntap-20180726-0002/","https://usn.ubuntu.com/3725-1/","https://usn.ubuntu.com/3725-2/","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-07-18T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14354","summary":"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02348,"ranking_epss":0.84834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.mutt.org/news.html","http://www.securityfocus.com/bid/104925","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb","https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-1/","https://usn.ubuntu.com/3719-2/","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277","http://www.mutt.org/news.html","http://www.securityfocus.com/bid/104925","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb","https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-1/","https://usn.ubuntu.com/3719-2/","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277"],"published_time":"2018-07-17T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14357","summary":"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02348,"ranking_epss":0.84834,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.mutt.org/news.html","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725","https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-1/","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277","http://www.mutt.org/news.html","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725","https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-1/","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277"],"published_time":"2018-07-17T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-14362","summary":"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. 
pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01676,"ranking_epss":0.82107,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.mutt.org/news.html","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e","https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277","http://www.mutt.org/news.html","https://access.redhat.com/errata/RHSA-2018:2526","https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e","https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576","https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html","https://neomutt.org/2018/07/16/release","https://security.gentoo.org/glsa/201810-07","https://usn.ubuntu.com/3719-3/","https://www.debian.org/security/2018/dsa-4277"],"published_time":"2018-07-17T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-3693","summary":"Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel 
analysis.","cvss":5.6,"cvss_version":3.0,"cvss_v2":4.7,"cvss_v3":5.6,"epss":0.01192,"ranking_epss":0.78819,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2019:1946","https://access.redhat.com/errata/RHSA-2020:0174","https://cdrdv2.intel.com/v1/dl/getContent/685359","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180823-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2019:1946","https://access.redhat.com/errata/RHSA-2020:0174","https://cdrdv2.intel.com/v1/dl/getContent/685359","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180823-0001/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-07-10T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10872","summary":"A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, processor does not deliver interrupts and exceptions, they are delivered once the first instruction after the stack switch is executed. 
An unprivileged system user could use this flaw to crash the system kernel resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel. No other versions are affected by this CVE.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":6.5,"epss":0.0008,"ranking_epss":0.23809,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2164","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://www.oracle.com/security-alerts/cpujul2020.html","https://access.redhat.com/errata/RHSA-2018:2164","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10872","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2018-07-10T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10861","summary":"A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. 
Ceph branches master, mimic, luminous and jewel are believed to be affected.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":8.1,"epss":0.0058,"ranking_epss":0.68836,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://tracker.ceph.com/issues/24838","http://www.securityfocus.com/bid/104742","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1593308","https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc","https://www.debian.org/security/2018/dsa-4339","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://tracker.ceph.com/issues/24838","http://www.securityfocus.com/bid/104742","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1593308","https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc","https://www.debian.org/security/2018/dsa-4339"],"published_time":"2018-07-10T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1128","summary":"It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. 
Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.4,"cvss_v3":7.5,"epss":0.00979,"ranking_epss":0.76706,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://tracker.ceph.com/issues/24836","http://www.openwall.com/lists/oss-security/2020/11/17/3","http://www.openwall.com/lists/oss-security/2020/11/17/4","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1575866","https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://www.debian.org/security/2018/dsa-4339","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://tracker.ceph.com/issues/24836","http://www.openwall.com/lists/oss-security/2020/11/17/3","http://www.openwall.com/lists/oss-security/2020/11/17/4","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1575866","https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://www.debian.org/security/2018/dsa-4339"],"published_time":"2018-07-10T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1129","summary":"A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. 
Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.","cvss":6.5,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":6.5,"epss":0.00404,"ranking_epss":0.60893,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html","http://tracker.ceph.com/issues/24837","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1576057","https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://www.debian.org/security/2018/dsa-4339","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00100.html","http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html","http://tracker.ceph.com/issues/24837","https://access.redhat.com/errata/RHSA-2018:2177","https://access.redhat.com/errata/RHSA-2018:2179","https://access.redhat.com/errata/RHSA-2018:2261","https://access.redhat.com/errata/RHSA-2018:2274","https://bugzilla.redhat.com/show_bug.cgi?id=1576057","https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://www.debian.org/security/2018/dsa-4339"],"published_time":"2018-07-10T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5000","summary":"Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. 
Successful exploitation could lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01944,"ranking_epss":0.83393,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02","http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02"],"published_time":"2018-07-09T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5001","summary":"Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00978,"ranking_epss":0.7669,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02","http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02"],"published_time":"2018-07-09T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5002","summary":"Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. 
Successful exploitation could lead to arbitrary code execution in the context of the current user.","cvss":7.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":7.8,"epss":0.47145,"ranking_epss":0.9767,"kev":true,"propose_action":"Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.","ransomware_campaign":"Unknown","references":["http://www.securityfocus.com/bid/104412","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02","http://www.securityfocus.com/bid/104412","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02","https://github.com/cisagov/vulnrichment/issues/196","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-5002"],"published_time":"2018-07-09T19:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4945","summary":"Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. 
Successful exploitation could lead to arbitrary code execution in the context of the current user.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.02998,"ranking_epss":0.8652,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02","http://www.securityfocus.com/bid/104413","http://www.securitytracker.com/id/1041058","https://access.redhat.com/errata/RHSA-2018:1827","https://helpx.adobe.com/security/products/flash-player/apsb18-19.html","https://security.gentoo.org/glsa/201806-02"],"published_time":"2018-07-09T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-13785","summary":"In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of 
service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02997,"ranking_epss":0.86519,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105599","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://sourceforge.net/p/libpng/bugs/278/","https://usn.ubuntu.com/3712-1/","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/105599","http://www.securitytracker.com/id/1041889","https://access.redhat.com/errata/RHSA-2018:3000","https://access.redhat.com/errata/RHSA-2018:3001","https://access.redhat.com/errata/RHSA-2018:3002","https://access.redhat.com/errata/RHSA-2018:3003","https://access.redhat.com/errata/RHSA-2018:3007","https://access.redhat.com/errata/RHSA-2018:3008","https://access.redhat.com/errata/RHSA-2018:3533","https://access.redhat.com/errata/RHSA-2018:3534","https://access.redhat.com/errata/RHSA-2018:3671","https://access.redhat.com/errata/RHSA-2018:3672","https://access.redhat.com/errata/RHSA-2018:3779","https://access.redhat.com/errata/RHSA-2018:3852","https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2","https://security.gentoo.org/glsa/201908-10","https://security.netapp.com/advisory/ntap-20181018-0001/","https://sourceforge.net/p/libpng/bugs/278/","https://usn.ubuntu.com/3712-1/"],"published_time":"2018-07-09T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10892","summary":"The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.","cvss":6.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":6.3,"epss":0.00114,"ranking_epss":0.30112,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","https://access.redhat.com/errata/RHBA-2018:2796","https://access.redhat.com/errata/RHSA-2018:2482","https://access.redhat.com/errata/RHSA-2018:2729","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892","https://github.com/moby/moby/pull/37404","http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","https://access.redhat.com/errata/RHBA-2018:2796","https://access.redhat.com/errata/RHSA-2018:2482","https://access.redhat.com/errata/RHSA-2018:2729","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892","https://github.com/moby/moby/pull/37404"],"published_time":"2018-07-06T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-13405","summary":"The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. 
The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00165,"ranking_epss":0.37624,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7","http://openwall.com/lists/oss-security/2018/07/13/2","http://www.securityfocus.com/bid/106503","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0717","https://access.redhat.com/errata/RHSA-2019:2476","https://access.redhat.com/errata/RHSA-2019:2566","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2019:4164","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406","https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7","https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/","https://support.f5.com/csp/article/K00854051","https://twitter.com/grsecurity/status/1015082951204327425","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3754-1/","https://www.debian.org/security/2018/dsa-4266","https://www.exploit-db.com/exploits/45033/","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7","http://openwall.com/lists/oss-security/2018/07/13/2","http://www.securityfocus.com/bid/106503","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0717","https://access.redhat.com/errata/RHSA-2019:2476","https://access.redhat.com/errata/RHSA-2019:2566","https://access.redhat.com/errata/RHSA-2019:2696","https://access.redhat.com/errata/RHSA-2019:2730","https://access.redhat.com/errata/RHSA-2019:4159","https://access.redhat.com/errata/RHSA-2019:4164","https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406","https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7","https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRBNBX73SAFKQWBOX76SLMWPTKJPVGEJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKKIAUMR5FAYLZ7HLEPOXMKAAE3BYBQ/","https://support.f5.com/csp/article/K00854051","https://twitter.com/grsecurity/status/1015082951204327425","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3753-1/","https://usn.ubuntu.com/3753-2/","https://usn.ubuntu.com/3754-1/","https://www.debian.org/security/2018/dsa-4266","https://www.exploit-db.com/exploits/45033/"],"published_time":"2018-07-06T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12910","summary":"The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty 
hostname.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.07838,"ranking_epss":0.91964,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047","https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f","https://gitlab.gnome.org/GNOME/libsoup/issues/3","https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/","https://usn.ubuntu.com/3701-1/","https://www.debian.org/security/2018/dsa-4241","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00003.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://gitlab.gnome.org/GNOME/gnome-sdk-images/commit/4215b8a21b3b3055e947312a8920df94f93ba047","https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f","https://gitlab.gnome.org/GNOME/libsoup/issues/3","https://lists.debian.org/debian-lts-announce/2018/07/msg00007.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SBREWZ3EEDYWG6PCLWL2EJ24ME5ZFAX6/","https://usn.ubuntu.com/3701-1/","https://www.debian.org/security/2018/dsa-4241"],"published_time":"2018-07-05T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2615","summary":"Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. 
A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.","cvss":5.5,"cvss_version":3.0,"cvss_v2":9.0,"cvss_v3":5.5,"epss":0.0101,"ranking_epss":0.77062,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0309.html","http://rhn.redhat.com/errata/RHSA-2017-0328.html","http://rhn.redhat.com/errata/RHSA-2017-0329.html","http://rhn.redhat.com/errata/RHSA-2017-0330.html","http://rhn.redhat.com/errata/RHSA-2017-0331.html","http://rhn.redhat.com/errata/RHSA-2017-0332.html","http://rhn.redhat.com/errata/RHSA-2017-0333.html","http://rhn.redhat.com/errata/RHSA-2017-0334.html","http://rhn.redhat.com/errata/RHSA-2017-0344.html","http://rhn.redhat.com/errata/RHSA-2017-0350.html","http://rhn.redhat.com/errata/RHSA-2017-0396.html","http://rhn.redhat.com/errata/RHSA-2017-0454.html","http://www.openwall.com/lists/oss-security/2017/02/01/6","http://www.securityfocus.com/bid/95990","http://www.securitytracker.com/id/1037804","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html","https://security.gentoo.org/glsa/201702-27","https://security.gentoo.org/glsa/201702-28","https://support.citrix.com/article/CTX220771","http://rhn.redhat.com/errata/RHSA-2017-0309.html","http://rhn.redhat.com/errata/RHSA-2017-0328.html","http://rhn.redhat.com/errata/RHSA-2017-0329.html","http://rhn.redhat.com/errata/RHSA-2017-0330.html","http://rhn.redhat.com/errata/RHSA-2017-0331.html","http://rhn.redhat.com/errata/RHSA-2017-0332.html","http://rhn.redhat.com/errata/RHSA-2017-0333.html","http://rhn.redhat.com/errata/RHSA-2017-0334.html","http://rhn.redhat.com/errata/RHSA-2017-0344.html","http://rhn.redhat.com/errata/RHSA-2017-0350.html","http://rhn.redhat.com/errata/RHSA-2017-0396.html","http://rhn.redhat.com/errata/RHSA-2017-0454.html","http://www.openwall.com/lists/oss-security/2017/02/01/6","http://www.securityfocus.com/bid/95990","http://www.securitytracker.com/id/1037804","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html","https://security.gentoo.org/glsa/201702-27","https://security.gentoo.org/glsa/201702-28","https://support.citrix.com/article/CTX220771"],"published_time":"2018-07-03T01:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1113","summary":"setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.","cvss":4.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":4.8,"epss":0.00044,"ranking_epss":0.13709,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3249","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3249","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1113"],"published_time":"2018-07-03T01:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-13033","summary":"The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. 
This can occur during execution of nm.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.01475,"ranking_epss":0.80923,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104584","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23361","https://usn.ubuntu.com/4336-1/","http://www.securityfocus.com/bid/104584","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23361","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-07-01T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10852","summary":"The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. 
This affects versions of SSSD before 1.16.3.","cvss":3.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":3.8,"epss":0.00273,"ranking_epss":0.50717,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104547","https://access.redhat.com/errata/RHSA-2018:3158","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852","https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html","http://www.securityfocus.com/bid/104547","https://access.redhat.com/errata/RHSA-2018:3158","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852","https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"],"published_time":"2018-06-26T14:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2668","summary":"389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.07615,"ranking_epss":0.91829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97524","https://access.redhat.com/errata/RHSA-2017:0893","https://access.redhat.com/errata/RHSA-2017:0920","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668","https://pagure.io/389-ds-base/issue/49220","http://www.securityfocus.com/bid/97524","https://access.redhat.com/errata/RHSA-2017:0893","https://access.redhat.com/errata/RHSA-2017:0920","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2668","https://pagure.io/389-ds-base/issue/49220"],"published_time":"2018-06-22T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1120","summary":"A flaw was found affecting the Linux kernel before version 4.17. 
By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).","cvss":2.8,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":2.8,"epss":0.01335,"ranking_epss":0.79949,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/oss-sec/2018/q2/122","http://www.securityfocus.com/bid/104229","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://security.gentoo.org/glsa/201805-14","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3910-1/","https://usn.ubuntu.com/3910-2/","https://www.exploit-db.com/exploits/44806/","http://seclists.org/oss-sec/2018/q2/122","http://www.securityfocus.com/bid/104229","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://security.gentoo.org/glsa/201805-14","https://usn.ubuntu.com/3752-1/","https://usn.ubuntu.com/3752-2/","https://usn.ubuntu.com/3752-3/","https://usn.ubuntu.com/3910-1/","https://usn.u
buntu.com/3910-2/","https://www.exploit-db.com/exploits/44806/"],"published_time":"2018-06-20T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1061","summary":"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method.  An attacker could use this flaw to cause denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":6.5,"epss":0.01476,"ranking_epss":0.80929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securitytracker.com/id/1042001","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3041","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1260","https://access.redhat.com/errata/RHSA-2019:3725","https://bugs.python.org/issue32981","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061","https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1","https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us","https://usn.ubuntu.com/3817-1/","https://usn.ubuntu.com/3817-2/","https://www.debian.org/security/2018/dsa-4306","https://www.debian.org/security/2018/dsa-430
7","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securitytracker.com/id/1042001","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3041","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1260","https://access.redhat.com/errata/RHSA-2019:3725","https://bugs.python.org/issue32981","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061","https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1","https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us","https://usn.ubuntu.com/3817-1/","https://usn.ubuntu.com/3817-2/","https://www.debian.org/security/2018/dsa-4306","https://www.debian.org/security/2018/dsa-4307"],"published_time":"2018-06-19T12:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1060","summary":"python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. 
An attacker could use this flaw to cause denial of service.","cvss":4.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":4.3,"epss":0.00961,"ranking_epss":0.76444,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securitytracker.com/id/1042001","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3041","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1260","https://access.redhat.com/errata/RHSA-2019:3725","https://bugs.python.org/issue32981","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060","https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1","https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us","https://usn.ubuntu.com/3817-1/","https://usn.ubuntu.com/3817-2/","https://www.debian.org/security/2018/dsa-4306","https://www.debian.org/security/2018/dsa-4307","https://www.oracle.com/security-alerts/cpujan2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","http://www.securitytracker.com/id/1042001","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3041","https://access.redhat.com/errata/RHSA-2018:3505","h
ttps://access.redhat.com/errata/RHSA-2019:1260","https://access.redhat.com/errata/RHSA-2019:3725","https://bugs.python.org/issue32981","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060","https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1","https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1","https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us","https://usn.ubuntu.com/3817-1/","https://usn.ubuntu.com/3817-2/","https://www.debian.org/security/2018/dsa-4306","https://www.debian.org/security/2018/dsa-4307","https://www.oracle.com/security-alerts/cpujan2020.html"],"published_time":"2018-06-18T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-0495","summary":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.","cvss":4.7,"cvss_version":3.0,"cvss_v2":1.9,"cvss_v3":4.7,"epss":0.00264,"ranking_epss":0.49884,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1041144","http://www.securitytracker.com/id/1041147","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237","https://dev.gnupg.org/T4011","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://usn.ubuntu.com/3689-1/","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3692-1/","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.debian.org/security/2018/dsa-4231","https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","http://www.securitytracker.com/id/1041144","http://www.securitytracker.com/id/1041147","https://access.redhat.com/errata/RHSA-2018:3221","https://access.redhat.com/errata/RHSA-2018:3505","https://access.redhat.com/errata/RHSA-2019:1296","https://access.redhat.com/errata/RHSA-2019:1297","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2019:2237","https://dev.gnupg.org/T4011","https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3Bh=9010d1576e278a4274ad3f4aa15776c28f6ba965","https://lists.debian.org/debian-lts-announce/2018/06/msg00
013.html","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html","https://usn.ubuntu.com/3689-1/","https://usn.ubuntu.com/3689-2/","https://usn.ubuntu.com/3692-1/","https://usn.ubuntu.com/3692-2/","https://usn.ubuntu.com/3850-1/","https://usn.ubuntu.com/3850-2/","https://www.debian.org/security/2018/dsa-4231","https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-06-13T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10850","summary":"389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.","cvss":5.9,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.9,"epss":0.02052,"ranking_epss":0.83826,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","https://access.redhat.com/errata/RHSA-2018:2757","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/c/8f04487f99a","https://pagure.io/389-ds-base/issue/49768","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","https://access.redhat.com/errata/RHSA-2018:2757","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/c/8f04487f99a","https://pagure.io/389-ds-base/issue/49768"],"published_time":"2018-06-13T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-11806","summary":"m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented 
datagrams.","cvss":8.2,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":8.2,"epss":0.0005,"ranking_epss":0.15745,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/06/07/1","http://www.securityfocus.com/bid/104400","https://access.redhat.com/errata/RHSA-2018:2462","https://access.redhat.com/errata/RHSA-2018:2762","https://access.redhat.com/errata/RHSA-2018:2822","https://access.redhat.com/errata/RHSA-2018:2887","https://access.redhat.com/errata/RHSA-2019:2892","https://bugzilla.redhat.com/show_bug.cgi?id=1586245","https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html","https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html","https://seclists.org/bugtraq/2019/May/76","https://usn.ubuntu.com/3826-1/","https://www.debian.org/security/2019/dsa-4454","https://www.zerodayinitiative.com/advisories/ZDI-18-567/","http://www.openwall.com/lists/oss-security/2018/06/07/1","http://www.securityfocus.com/bid/104400","https://access.redhat.com/errata/RHSA-2018:2462","https://access.redhat.com/errata/RHSA-2018:2762","https://access.redhat.com/errata/RHSA-2018:2822","https://access.redhat.com/errata/RHSA-2018:2887","https://access.redhat.com/errata/RHSA-2019:2892","https://bugzilla.redhat.com/show_bug.cgi?id=1586245","https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html","https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html","https://seclists.org/bugtraq/2019/May/76","https://usn.ubuntu.com/3826-1/","https://www.debian.org/security/2019/dsa-4454","https://www.zerodayinitiative.com/advisories/ZDI-18-567/"],"published_time":"2018-06-13T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5848","summary":"In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. 
As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00152,"ranking_epss":0.36006,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2","https://source.android.com/security/bulletin/pixel/2018-05-01","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"],"published_time":"2018-06-12T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5803","summary":"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel 
crash.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00089,"ranking_epss":0.25373,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:1854","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0641","https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://secuniaresearch.flexerasoftware.com/advisories/81331/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","https://www.spinics.net/lists/linux-sctp/msg07036.html","https://www.spinics.net/lists/netdev/msg482523.html","https://access.redhat.com/errata/RHSA-2018:1854","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://access.redhat.com/errata/RHSA-2019:0641","https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51","https://cdn.kernel.org/pub/linux/ker
nel/v4.x/ChangeLog-4.14.25","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121","https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87","https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://secuniaresearch.flexerasoftware.com/advisories/81331/","https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","https://www.spinics.net/lists/linux-sctp/msg07036.html","https://www.spinics.net/lists/netdev/msg482523.html"],"published_time":"2018-06-12T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5178","summary":"A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. 
This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.18164,"ranking_epss":0.95166,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104138","http://www.securitytracker.com/id/1040898","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1443891","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/","http://www.securityfocus.com/bid/104138","http://www.securitytracker.com/id/1040898","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1443891","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2
018-5183","summary":"Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03916,"ranking_epss":0.88263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104138","http://www.securitytracker.com/id/1040898","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1454692","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/","http://www.securityfocus.com/bid/104138","http://www.securitytracker.com/id/1040898","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1454692","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.m
ozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5184","summary":"Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01035,"ranking_epss":0.77344,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104240","http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1411592","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/","http://www.securityfocus.com/bid/104240","http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1411592","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5185","summary":"Plaintext of decrypted emails can leak through by user submitting an embedded form. 
This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00329,"ranking_epss":0.55922,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104240","http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1450345","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/","http://www.securityfocus.com/bid/104240","http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1450345","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:16","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5154","summary":"A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02921,"ranking_epss":0.86349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1443092","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/","http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1443092","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.
org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5155","summary":"A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02921,"ranking_epss":0.86349,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1448774","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5157","summary":"Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00587,"ranking_epss":0.69053,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://bugzilla.mozilla.org/show_bug.cgi?id=1449898","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3645-1/","https://www.debian.org/security/2018/dsa-4199","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5158","summary":"The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.4138,"ranking_epss":0.97384,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://bugzilla.mozilla.org/show_bug.cgi?id=1452075","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3645-1/","https://www.debian.org/security/2018/dsa-4199","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5159","summary":"An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.37556,"ranking_epss":0.97173,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1441941","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.exploit-db.com/exploits/44759/","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5161","summary":"Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00925,"ranking_epss":0.7598,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1411720","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5162","summary":"Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00918,"ranking_epss":0.75895,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104240","http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1457721","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5168","summary":"Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01032,"ranking_epss":0.77303,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1449548","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5170","summary":"It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00881,"ranking_epss":0.75336,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040946","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/show_bug.cgi?id=1411732","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3660-1/","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:15","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5129","summary":"A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","cvss":8.6,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":8.6,"epss":0.02331,"ranking_epss":0.84781,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/show_bug.cgi?id=1428947","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://usn.ubuntu.com/3596-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5130","summary":"When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01156,"ranking_epss":0.78509,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://bugzilla.mozilla.org/show_bug.cgi?id=1433005","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3596-1/","https://www.debian.org/security/2018/dsa-4139","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5131","summary":"Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.01281,"ranking_epss":0.79554,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://bugzilla.mozilla.org/show_bug.cgi?id=1440775","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://security.gentoo.org/glsa/201810-01","https://usn.ubuntu.com/3596-1/","https://www.debian.org/security/2018/dsa-4139","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5144","summary":"An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.05728,"ranking_epss":0.9041,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103384","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/show_bug.cgi?id=1440926","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5145","summary":"Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03916,"ranking_epss":0.88263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103384","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1261175%2C1348955","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5146","summary":"An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.41108,"ranking_epss":0.9737,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103432","http://www.securitytracker.com/id/1040544","https://access.redhat.com/errata/RHSA-2018:0549","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://access.redhat.com/errata/RHSA-2018:0649","https://access.redhat.com/errata/RHSA-2018:1058","https://bugzilla.mozilla.org/show_bug.cgi?id=1446062","https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00033.html","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://usn.ubuntu.com/3599-1/","https://usn.ubuntu.com/3604-1/","https://www.debian.org/security/2018/dsa-4140","https://www.debian.org/security/2018/dsa-4143","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-08/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5148","summary":"A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01596,"ranking_epss":0.81636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103506","http://www.securitytracker.com/id/1040574","https://access.redhat.com/errata/RHSA-2018:1098","https://access.redhat.com/errata/RHSA-2018:1099","https://bugzilla.mozilla.org/show_bug.cgi?id=1440717","https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html","https://usn.ubuntu.com/3609-1/","https://www.debian.org/security/2018/dsa-4153","https://www.mozilla.org/security/advisories/mfsa2018-10/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5150","summary":"Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.03916,"ranking_epss":0.88263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104136","http://www.securitytracker.com/id/1040896","https://access.redhat.com/errata/RHSA-2018:1414","https://access.redhat.com/errata/RHSA-2018:1415","https://access.redhat.com/errata/RHSA-2018:1725","https://access.redhat.com/errata/RHSA-2018:1726","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388020%2C1433609%2C1409440%2C1448705%2C1451376%2C1452202%2C1444668%2C1393367%2C1411415%2C1426129","https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3645-1/","https://usn.ubuntu.com/3660-1/","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2018/dsa-4199","https://www.debian.org/security/2018/dsa-4209","https://www.mozilla.org/security/advisories/mfsa2018-11/","https://www.mozilla.org/security/advisories/mfsa2018-12/","https://www.mozilla.org/security/advisories/mfsa2018-13/"],"published_time":"2018-06-11T21:29:14","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5117","summary":"If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.02154,"ranking_epss":0.84207,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1395508","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:13","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-5125","summary":"Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01069,"ranking_epss":0.77683,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://usn.ubuntu.com/3596-1/","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/","http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1416529%2C1434580%2C1434384%2C1437450%2C1437507%2C1426988%2C1438425%2C1324042%2C1437087%2C1443865%2C1425520","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/354
5-1/","https://usn.ubuntu.com/3596-1/","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5127","summary":"A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.20177,"ranking_epss":0.95475,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/show_bug.cgi?id=1430557","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://usn.ubuntu.com/3596-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/","http://www.securityfocus.com/bid/103388","http://www.securitytracker.com/id/1040514","https://access.redhat.com/errata/RHSA-2018:0526","https://access.redhat.com/errata/RHSA-2018:0527","https://access.redhat.com/errata/RHSA-
2018:0647","https://access.redhat.com/errata/RHSA-2018:0648","https://bugzilla.mozilla.org/show_bug.cgi?id=1430557","https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html","https://security.gentoo.org/glsa/201810-01","https://security.gentoo.org/glsa/201811-13","https://usn.ubuntu.com/3545-1/","https://usn.ubuntu.com/3596-1/","https://www.debian.org/security/2018/dsa-4139","https://www.debian.org/security/2018/dsa-4155","https://www.mozilla.org/security/advisories/mfsa2018-06/","https://www.mozilla.org/security/advisories/mfsa2018-07/","https://www.mozilla.org/security/advisories/mfsa2018-09/"],"published_time":"2018-06-11T21:29:13","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7846","summary":"It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via \"View -> Feed article -> Website\" or in the standard format of \"View -> Feed article -> default format\". 
This vulnerability affects Thunderbird < 52.5.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01283,"ranking_epss":0.79572,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411716","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/","http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411716","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7847","summary":"Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. 
This vulnerability affects Thunderbird < 52.5.2.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00879,"ranking_epss":0.75308,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411708","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/","http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411708","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7848","summary":"RSS fields can inject new lines into the created email structure, modifying the message body. 
This vulnerability affects Thunderbird < 52.5.2.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01887,"ranking_epss":0.83127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411699","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/","http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1411699","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5089","summary":"Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02992,"ranking_epss":0.86508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1412420%2C1426783%2C1422389%2C1415598%2C1410134%2C1408017%2C1224396%2C1382366%2C1415582%2C1417797%2C1409951%2C1414452%2C1428589%2C1425780%2C1399520%2C1418854%2C1408276%2C1412145%2C1331209%2C1425612","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advis
ories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5091","summary":"A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02595,"ranking_epss":0.85544,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://bugzilla.mozilla.org/show_bug.cgi?id=1423086","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://bugzilla.mozilla.org/show_bug.cgi?id=1423086","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5095","summary":"An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02935,"ranking_epss":0.86381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1418447","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1418447","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5096","summary":"A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. 
This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01564,"ranking_epss":0.81455,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102771","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1418922","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102771","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1418922","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5097","summary":"A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.24112,"ranking_epss":0.96044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1387427","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1387427","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5098","summary":"A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02935,"ranking_epss":0.86381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1399400","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1399400","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5099","summary":"A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02974,"ranking_epss":0.86468,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1416878","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1416878","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5102","summary":"A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.24112,"ranking_epss":0.96044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1419363","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1419363","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5103","summary":"A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02935,"ranking_epss":0.86381,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1423159","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1423159","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5104","summary":"A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.24112,"ranking_epss":0.96044,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1425000","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/","http://www.securityfocus.com/bid/102783","http://www.securitytracker.com/id/1040270","https://access.redhat.com/errata/RHSA-2018:0122","https://access.redhat.com/errata/RHSA-2018:0262","https://bugzilla.mozilla.org/show_bug.cgi?id=1425000","https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html","https://usn.ubuntu.com/3544-1/","https://www.debian.org/security/2018/dsa-4096","https://www.debian.org/security/2018/dsa-4102","https://www.mozilla.org/security/advisories/mfsa2018-02/","https://www.mozilla.org/security/advisories/mfsa2018-03/","https://www.mozilla.org/security/advisories/mfsa2018-04/"],"published_time":"2018-06-11T21:29:12","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7823","summary":"The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. 
This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":5.4,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.4,"epss":0.01416,"ranking_epss":0.80521,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101059","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1396320","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101059","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1396320","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7824","summary":"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. 
This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.12063,"ranking_epss":0.93763,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101053","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1398381","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101053","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1398381","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7826","summary":"Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.02383,"ranking_epss":0.84946,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/","http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mf
sa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7828","summary":"A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.28905,"ranking_epss":0.9654,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/show_bug.cgi?id=1406750","https://bugzilla.mozilla.org/show_bug.cgi?id=1412252","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/","http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/show_bug.cgi?id=1406750","https://bugzilla.mozilla.org/show_bug.cgi?id=1412252","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/
dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7829","summary":"It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01597,"ranking_epss":0.81636,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1423432","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://usn.ubuntu.com/3529-1/","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/","http://www.securityfocus.com/bid/102258","http://www.securitytracker.com/id/1040123","https://access.redhat.com/errata/RHSA-2018:0061","https://bugzilla.mozilla.org/show_bug.cgi?id=1423432","https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html","https://usn.ubuntu.com/3529-1/","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-30/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7830","summary":"The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. 
This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00862,"ranking_epss":0.75024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/show_bug.cgi?id=1408990","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/","http://www.securityfocus.com/bid/101832","http://www.securitytracker.com/id/1039803","https://access.redhat.com/errata/RHSA-2017:3247","https://access.redhat.com/errata/RHSA-2017:3372","https://bugzilla.mozilla.org/show_bug.cgi?id=1408990","https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","https://www.debian.org/security/2017/dsa-4035","https://www.debian.org/security/2017/dsa-4061","https://www.debian.org/security/2017/dsa-4075","https://www.mozilla.org/security/advisories/mfsa2017-24/","https://www.mozilla.org/security/advisories/mfsa2017-25/","https://www.mozilla.org/security/advisories/mfsa2017-26/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7843","summary":"When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. 
IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01058,"ranking_epss":0.77583,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102039","http://www.securityfocus.com/bid/102112","http://www.securitytracker.com/id/1039954","https://access.redhat.com/errata/RHSA-2017:3382","https://bugzilla.mozilla.org/show_bug.cgi?id=1410106","https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html","https://www.debian.org/security/2017/dsa-4062","https://www.mozilla.org/security/advisories/mfsa2017-27/","https://www.mozilla.org/security/advisories/mfsa2017-28/","http://www.securityfocus.com/bid/102039","http://www.securityfocus.com/bid/102112","http://www.securitytracker.com/id/1039954","https://access.redhat.com/errata/RHSA-2017:3382","https://bugzilla.mozilla.org/show_bug.cgi?id=1410106","https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html","https://www.debian.org/security/2017/dsa-4062","https://www.mozilla.org/security/advisories/mfsa2017-27/","https://www.mozilla.org/security/advisories/mfsa2017-28/"],"published_time":"2018-06-11T21:29:11","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7807","summary":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":8.1,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":8.1,"epss":0.00778,"ranking_epss":0.73609,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100242","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1376459","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100242","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1376459","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7809","summary":"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02292,"ranking_epss":0.84664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100203","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1380284","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100203","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1380284","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7810","summary":"Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.02388,"ranking_epss":0.84957,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101054","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101054","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://usn.ubuntu.com/3688-1/","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7814","summary":"File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks though the Phishing and Malware Protection 
feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00319,"ranking_epss":0.54951,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101059","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1376036","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101059","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1376036","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7818","summary":"A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. 
This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.06919,"ranking_epss":0.91366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1363723","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1363723","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7819","summary":"A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.06919,"ranking_epss":0.91366,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1380292","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1380292","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7784","summary":"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.05217,"ranking_epss":0.8991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100202","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1376087","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100202","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1376087","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7785","summary":"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.08433,"ranking_epss":0.92316,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1356985","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1356985","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7786","summary":"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.0852,"ranking_epss":0.92352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1365189","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1365189","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7787","summary":"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00979,"ranking_epss":0.76708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100234","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1322896","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100234","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1322896","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7791","summary":"On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01355,"ranking_epss":0.80091,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100240","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1365875","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100240","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1365875","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7792","summary":"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.07363,"ranking_epss":0.91682,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1368652","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100206","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1368652","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7793","summary":"A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. 
This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02442,"ranking_epss":0.85127,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1371889","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/","http://www.securityfocus.com/bid/101055","http://www.securitytracker.com/id/1039465","https://access.redhat.com/errata/RHSA-2017:2831","https://access.redhat.com/errata/RHSA-2017:2885","https://bugzilla.mozilla.org/show_bug.cgi?id=1371889","https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3987","https://www.debian.org/security/2017/dsa-4014","https://www.mozilla.org/security/advisories/mfsa2017-21/","https://www.mozilla.org/security/advisories/mfsa2017-22/","https://www.mozilla.org/security/advisories/mfsa2017-23/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7798","summary":"The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. 
This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.03574,"ranking_epss":0.87694,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100198","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112","https://www.debian.org/security/2017/dsa-3928","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","http://www.securityfocus.com/bid/100198","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1371586%2C1372112","https://www.debian.org/security/2017/dsa-3928","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7800","summary":"A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.04285,"ranking_epss":0.88815,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100196","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1374047","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100196","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1374047","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7801","summary":"A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02318,"ranking_epss":0.84741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100197","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1371259","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100197","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1371259","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7802","summary":"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02292,"ranking_epss":0.84664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100202","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1378147","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100202","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1378147","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7803","summary":"When a page's content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01098,"ranking_epss":0.77982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100234","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1377426","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100234","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1377426","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:09","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7758","summary":"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.01684,"ranking_epss":0.82151,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1368490","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1368490","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7762","summary":"When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. 
This vulnerability affects Firefox < 54.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0054,"ranking_epss":0.67571,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99047","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://bugzilla.mozilla.org/show_bug.cgi?id=1358248","https://www.mozilla.org/security/advisories/mfsa2017-15/","http://www.securityfocus.com/bid/99047","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2018:2112","https://access.redhat.com/errata/RHSA-2018:2113","https://bugzilla.mozilla.org/show_bug.cgi?id=1358248","https://www.mozilla.org/security/advisories/mfsa2017-15/"],"published_time":"2018-06-11T21:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7779","summary":"Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.02073,"ranking_epss":0.83906,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100201","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100201","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:08","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5460","summary":"A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. 
This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01436,"ranking_epss":0.80656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343642","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343642","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5464","summary":"During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01436,"ranking_epss":0.80656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347075","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347075","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5465","summary":"An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.22769,"ranking_epss":0.95851,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347617","https://www.debian.org/security/2017/dsa-3831","https://www.exploit-db.com/exploits/42072/","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347617","https://www.debian.org/security/2017/dsa-3831","https://www.exploit-db.com/exploits/42072/","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5466","summary":"If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00624,"ranking_epss":0.70095,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1353975","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1353975","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5467","summary":"A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01301,"ranking_epss":0.79699,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347262","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347262","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5469","summary":"Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.04073,"ranking_epss":0.88508,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1292534","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1292534","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5470","summary":"Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01874,"ranking_epss":0.83073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99041","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99041","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5472","summary":"A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. 
This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01874,"ranking_epss":0.83073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99040","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1365602","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99040","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1365602","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7749","summary":"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01874,"ranking_epss":0.83073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1355039","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1355039","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7750","summary":"A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01874,"ranking_epss":0.83073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1356558","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1356558","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7751","summary":"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01874,"ranking_epss":0.83073,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1363396","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1363396","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7752","summary":"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00972,"ranking_epss":0.76608,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1359547","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1359547","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7753","summary":"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. 
This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.01721,"ranking_epss":0.82352,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/100315","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1353312","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/","http://www.securityfocus.com/bid/100315","http://www.securitytracker.com/id/1039124","https://access.redhat.com/errata/RHSA-2017:2456","https://access.redhat.com/errata/RHSA-2017:2534","https://bugzilla.mozilla.org/show_bug.cgi?id=1353312","https://security.gentoo.org/glsa/201803-14","https://www.debian.org/security/2017/dsa-3928","https://www.debian.org/security/2017/dsa-3968","https://www.mozilla.org/security/advisories/mfsa2017-18/","https://www.mozilla.org/security/advisories/mfsa2017-19/","https://www.mozilla.org/security/advisories/mfsa2017-20/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7754","summary":"An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. 
This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01409,"ranking_epss":0.80457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1357090","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/","http://www.securityfocus.com/bid/99057","http://www.securitytracker.com/id/1038689","https://access.redhat.com/errata/RHSA-2017:1440","https://access.redhat.com/errata/RHSA-2017:1561","https://bugzilla.mozilla.org/show_bug.cgi?id=1357090","https://www.debian.org/security/2017/dsa-3881","https://www.debian.org/security/2017/dsa-3918","https://www.mozilla.org/security/advisories/mfsa2017-15/","https://www.mozilla.org/security/advisories/mfsa2017-16/","https://www.mozilla.org/security/advisories/mfsa2017-17/"],"published_time":"2018-06-11T21:29:07","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5441","summary":"A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343795","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343795","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5442","summary":"A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347979","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347979","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5443","summary":"An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01436,"ranking_epss":0.80656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1342661","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1342661","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5444","summary":"A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01928,"ranking_epss":0.83335,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1344461","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1344461","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5445","summary":"A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0214,"ranking_epss":0.84159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1344467","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1344467","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5446","summary":"An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01013,"ranking_epss":0.77096,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343505","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343505","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5447","summary":"An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.17133,"ranking_epss":0.94981,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343552","https://www.debian.org/security/2017/dsa-3831","https://www.exploit-db.com/exploits/42071/","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1343552","https://www.debian.org/security/2017/dsa-3831","https://www.exploit-db.com/exploits/42071/","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5448","summary":"An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. 
This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":8.6,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":8.6,"epss":0.01377,"ranking_epss":0.80216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1346648","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1346648","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5449","summary":"A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01152,"ranking_epss":0.78472,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1340127","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1340127","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5451","summary":"A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00551,"ranking_epss":0.67947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1273537","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1273537","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5454","summary":"A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00533,"ranking_epss":0.67325,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1349276","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1349276","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5455","summary":"The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. 
This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.02652,"ranking_epss":0.85708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1341191","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1341191","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5456","summary":"A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. 
This vulnerability affects Firefox ESR < 52.1 and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00347,"ranking_epss":0.57274,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1344415","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/show_bug.cgi?id=1344415","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5459","summary":"A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.0631,"ranking_epss":0.90925,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1333858","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1333858","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:06","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5428","summary":"An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. 
This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00371,"ranking_epss":0.58862,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0558.html","http://www.securityfocus.com/bid/96959","http://www.securitytracker.com/id/1038060","https://bugzilla.mozilla.org/show_bug.cgi?id=1348168","https://www.mozilla.org/security/advisories/mfsa2017-08/","http://rhn.redhat.com/errata/RHSA-2017-0558.html","http://www.securityfocus.com/bid/96959","http://www.securitytracker.com/id/1038060","https://bugzilla.mozilla.org/show_bug.cgi?id=1348168","https://www.mozilla.org/security/advisories/mfsa2017-08/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5429","summary":"Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01417,"ranking_epss":0.80524,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1343261%2C1350844%2C1341096%2C1342823%2C1348894%2C1348941%2C1349340%2C1352926%2C1353088%2C","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5430","summary":"Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00746,"ranking_epss":0.73019,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1106","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1342101%2C1340482%2C1344686%2C1329796%2C1346419%2C1349621%2C1344081%2C1344305%2C1348143%2C1349719%2C1353476%2C1337418%2C1346140%2C1339722","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5432","summary":"A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1346654","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1346654","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5433","summary":"A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. 
This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01436,"ranking_epss":0.80656,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1347168","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5434","summary":"A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1349946","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5435","summary":"A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01773,"ranking_epss":0.82617,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1350683","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5436","summary":"An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00994,"ranking_epss":0.7688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1345461","https://security.gentoo.org/glsa/201706-25","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5438","summary":"A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1336828","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5439","summary":"A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103053","http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1336830","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5440","summary":"A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01915,"ranking_epss":0.83265,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/97940","http://www.securitytracker.com/id/1038320","https://access.redhat.com/errata/RHSA-2017:1104","https://access.redhat.com/errata/RHSA-2017:1106","https://access.redhat.com/errata/RHSA-2017:1201","https://bugzilla.mozilla.org/show_bug.cgi?id=1336832","https://www.debian.org/security/2017/dsa-3831","https://www.mozilla.org/security/advisories/mfsa2017-10/","https://www.mozilla.org/security/advisories/mfsa2017-11/","https://www.mozilla.org/security/advisories/mfsa2017-12/","https://www.mozilla.org/security/advisories/mfsa2017-13/"],"published_time":"2018-06-11T21:29:05","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5400","summary":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00999,"ranking_epss":0.76932,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96654","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1334933","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5401","summary":"A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02199,"ranking_epss":0.84365,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96677","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1328861","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5402","summary":"A use-after-free can occur when events are fired for a \"FontFace\" object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02498,"ranking_epss":0.85279,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96664","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1334876","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5404","summary":"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.21288,"ranking_epss":0.9566,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96664","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1340138","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.exploit-db.com/exploits/41660/","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5405","summary":"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.02352,"ranking_epss":0.84848,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96693","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1336699","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5407","summary":"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01045,"ranking_epss":0.77447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96693","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1336622","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5408","summary":"Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01068,"ranking_epss":0.77681,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96693","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1313711","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5410","summary":"Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02531,"ranking_epss":0.85388,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96693","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/show_bug.cgi?id=1330687","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:04","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5380","summary":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01799,"ranking_epss":0.82735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1322107","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5383","summary":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.02444,"ranking_epss":0.85132,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1323338","https://bugzilla.mozilla.org/show_bug.cgi?id=1324716","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5386","summary":"WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.","cvss":7.3,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.3,"epss":0.01186,"ranking_epss":0.78764,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1319070","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5390","summary":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01748,"ranking_epss":0.82496,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1297361","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5396","summary":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01838,"ranking_epss":0.829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1329403","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2017-5398","summary":"Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.03265,"ranking_epss":0.87115,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0459.html","http://rhn.redhat.com/errata/RHSA-2017-0461.html","http://rhn.redhat.com/errata/RHSA-2017-0498.html","http://www.securityfocus.com/bid/96651","http://www.securitytracker.com/id/1037966","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510","https://security.gentoo.org/glsa/201705-06","https://security.gentoo.org/glsa/201705-07","https://www.debian.org/security/2017/dsa-3805","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-05/","https://www.mozilla.org/security/advisories/mfsa2017-06/","https://www.mozilla.org/security/advisories/mfsa2017-07/","https://www.mozilla.org/security/advisories/mfsa2017-09/"],"published_time":"2018-06-11T21:29:03","vendor":null,"product":null,"version":null},
{"c
ve_id":"CVE-2016-9897","summary":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0395,"ranking_epss":0.88315,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1301381","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1301381","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9898","summary":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02604,"ranking_epss":0.8557,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1314442","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1314442","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9899","summary":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.36421,"ranking_epss":0.97099,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1317409","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.exploit-db.com/exploits/41042/","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1317409","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.exploit-db.com/exploits/41042/","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9900","summary":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01011,"ranking_epss":0.77071,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1319122","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1319122","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9901","summary":"HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. 
This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.0203,"ranking_epss":0.83748,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1320057","https://security.gentoo.org/glsa/201701-15","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1320057","https://security.gentoo.org/glsa/201701-15","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9902","summary":"The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. 
This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00411,"ranking_epss":0.61353,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1320039","https://security.gentoo.org/glsa/201701-15","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1320039","https://security.gentoo.org/glsa/201701-15","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9904","summary":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01192,"ranking_epss":0.78818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1317936","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1317936","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9905","summary":"A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. 
This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01174,"ranking_epss":0.78664,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94884","http://www.securitytracker.com/id/1037462","https://bugzilla.mozilla.org/show_bug.cgi?id=1293985","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94884","http://www.securitytracker.com/id/1037462","https://bugzilla.mozilla.org/show_bug.cgi?id=1293985","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5373","summary":"Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01799,"ranking_epss":0.82735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95762","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/","http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95762","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5375","summary":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. 
This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.60738,"ranking_epss":0.98281,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95757","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1325200","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.exploit-db.com/exploits/42327/","https://www.exploit-db.com/exploits/44293/","https://www.exploit-db.com/exploits/44294/","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/","http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95757","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1325200","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.exploit-db.com/exploits/42327/","https://www.exploit-db.com/exploits/44293/","https://www.exploit-db.com/exploits/44294/","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5376","summary":"Use-after-free while manipulating XSL in XSLT documents. 
This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01799,"ranking_epss":0.82735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95758","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1311687","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/","http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95758","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1311687","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-5378","summary":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. 
This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01705,"ranking_epss":0.82263,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1312001","https://bugzilla.mozilla.org/show_bug.cgi?id=1330769","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/","http://rhn.redhat.com/errata/RHSA-2017-0190.html","http://rhn.redhat.com/errata/RHSA-2017-0238.html","http://www.securityfocus.com/bid/95769","http://www.securitytracker.com/id/1037693","https://bugzilla.mozilla.org/show_bug.cgi?id=1312001","https://bugzilla.mozilla.org/show_bug.cgi?id=1330769","https://security.gentoo.org/glsa/201702-13","https://security.gentoo.org/glsa/201702-22","https://www.debian.org/security/2017/dsa-3771","https://www.debian.org/security/2017/dsa-3832","https://www.mozilla.org/security/advisories/mfsa2017-01/","https://www.mozilla.org/security/advisories/mfsa2017-02/","https://www.mozilla.org/security/advisories/mfsa2017-03/"],"published_time":"2018-06-11T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9079","summary":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. 
This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.84813,"ranking_epss":0.99337,"kev":true,"propose_action":"Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.","ransomware_campaign":"Unknown","references":["http://rhn.redhat.com/errata/RHSA-2016-2843.html","http://rhn.redhat.com/errata/RHSA-2016-2850.html","http://www.securityfocus.com/bid/94591","http://www.securitytracker.com/id/1037370","https://bugzilla.mozilla.org/show_bug.cgi?id=1321066","https://security.gentoo.org/glsa/201701-15","https://security.gentoo.org/glsa/201701-35","https://www.debian.org/security/2016/dsa-3730","https://www.exploit-db.com/exploits/41151/","https://www.exploit-db.com/exploits/42327/","https://www.mozilla.org/security/advisories/mfsa2016-92/","http://rhn.redhat.com/errata/RHSA-2016-2843.html","http://rhn.redhat.com/errata/RHSA-2016-2850.html","http://www.securityfocus.com/bid/94591","http://www.securitytracker.com/id/1037370","https://bugzilla.mozilla.org/show_bug.cgi?id=1321066","https://security.gentoo.org/glsa/201701-15","https://security.gentoo.org/glsa/201701-35","https://www.debian.org/security/2016/dsa-3730","https://www.exploit-db.com/exploits/41151/","https://www.exploit-db.com/exploits/42327/","https://www.mozilla.org/security/advisories/mfsa2016-92/","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"],"published_time":"2018-06-11T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9893","summary":"Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.02683,"ranking_epss":0.85797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9895","summary":"Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. 
This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.00709,"ranking_epss":0.72169,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1312272","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/","http://rhn.redhat.com/errata/RHSA-2016-2946.html","http://rhn.redhat.com/errata/RHSA-2016-2973.html","http://www.securityfocus.com/bid/94885","http://www.securitytracker.com/id/1037461","https://bugzilla.mozilla.org/show_bug.cgi?id=1312272","https://security.gentoo.org/glsa/201701-15","https://www.debian.org/security/2017/dsa-3757","https://www.mozilla.org/security/advisories/mfsa2016-94/","https://www.mozilla.org/security/advisories/mfsa2016-95/","https://www.mozilla.org/security/advisories/mfsa2016-96/"],"published_time":"2018-06-11T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-12020","summary":"mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. 
For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.02796,"ranking_epss":0.86055,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://openwall.com/lists/oss-security/2018/06/08/2","http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html","http://seclists.org/fulldisclosure/2019/Apr/38","http://www.openwall.com/lists/oss-security/2019/04/30/4","http://www.securityfocus.com/bid/104450","http://www.securitytracker.com/id/1041051","https://access.redhat.com/errata/RHSA-2018:2180","https://access.redhat.com/errata/RHSA-2018:2181","https://dev.gnupg.org/T4012","https://github.com/RUB-NDS/Johnny-You-Are-Fired","https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html","https://usn.ubuntu.com/3675-1/","https://usn.ubuntu.com/3675-2/","https://usn.ubuntu.com/3675-3/","https://usn.ubuntu.com/3964-1/","https://www.debian.org/security/2018/dsa-4222","https://www.debian.org/security/2018/dsa-4223","https://www.debian.org/security/2018/dsa-4224","http://openwall.com/lists/oss-security/2018/06/08/2","http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html","http://seclists.org/fulldisclosure/2019/Apr/38","http://www.openwall.com/lists/oss-security/2019/04/30/4","http://www.securityfocus.com/bid/104450","http://www.securitytracker.com/id/1041051","https://access.redhat.com/errata/RHSA-2018:2180","https://access.redhat.com/errata/RHSA-2018:2181","https://dev.gnupg.org/T4012","https://github.com/RUB-NDS/Johnny-You-Are-Fired","https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master
/paper/johnny-fired.pdf","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html","https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html","https://usn.ubuntu.com/3675-1/","https://usn.ubuntu.com/3675-2/","https://usn.ubuntu.com/3675-3/","https://usn.ubuntu.com/3964-1/","https://www.debian.org/security/2018/dsa-4222","https://www.debian.org/security/2018/dsa-4223","https://www.debian.org/security/2018/dsa-4224"],"published_time":"2018-06-08T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-11235","summary":"In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. 
Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.4172,"ranking_epss":0.97402,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://www.securityfocus.com/bid/104345","http://www.securitytracker.com/id/1040991","https://access.redhat.com/errata/RHSA-2018:1957","https://access.redhat.com/errata/RHSA-2018:2147","https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/","https://marc.info/?l=git&m=152761328506724&w=2","https://security.gentoo.org/glsa/201805-13","https://usn.ubuntu.com/3671-1/","https://www.debian.org/security/2018/dsa-4212","https://www.exploit-db.com/exploits/44822/","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","http://www.securityfocus.com/bid/104345","http://www.securitytracker.com/id/1040991","https://access.redhat.com/errata/RHSA-2018:1957","https://access.redhat.com/errata/RHSA-2018:2147","https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/","https://marc.info/?l=git&m=152761328506724&w=2","https://security.gentoo.org/glsa/201805-13","https://usn.ubuntu.com/3671-1/","https://www.debian.org/security/2018/dsa-4212","https://www.exploit-db.com/exploits/44822/"],"published_time":"2018-05-30T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000199","summary":"The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. 
This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00478,"ranking_epss":0.64936,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html","http://www.securitytracker.com/id/1040806","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1345","https://access.redhat.com/errata/RHSA-2018:1347","https://access.redhat.com/errata/RHSA-2018:1348","https://access.redhat.com/errata/RHSA-2018:1354","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:1374","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://lkml.org/lkml/2018/4/6/813","https://usn.ubuntu.com/3641-1/","https://usn.ubuntu.com/3641-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188"],"published_time":"2018-05-24T13:29:01","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-1000301","summary":"curl versions 7.20.0 to and including 7.59.0 contain a CWE-126: Buffer Over-read vulnerability, in which curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content, resulting in denial of service. This vulnerability is not present in curl before 7.20.0 and appears to have been fixed in curl 7.60.0.","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.02761,"ranking_epss":0.85975,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/104225","http://www.securitytracker.com/id/1040931","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-b138.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00010.html","https://security.gentoo.org/glsa/201806-05","https://usn.ubuntu.com/3598-2/","https://usn.ubuntu.com/3648-1/","https://www.debian.org/security/2018/dsa-4202","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"],"published_time":"2018-05-24T13:29:01","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-1124","summary":"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.","cvss":7.3,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.3,"epss":0.00462,"ranking_epss":0.64152,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html","http://seclists.org/oss-sec/2018/q2/122","http://www.securityfocus.com/bid/104214","http://www.securitytracker.com/id/1041057","https://access.redhat.com/errata/RHSA-2018:1700","https://access.redhat.com/errata/RHSA-2018:1777","https://access.redhat.com/errata/RHSA-2018:1820","https://access.redhat.com/errata/RHSA-2018:2267","https://access.redhat.com/errata/RHSA-2018:2268","https://access.redhat.com/errata/RHSA-2019:1944","https://access.redhat.com/errata/RHSA-2019:2401","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://kc.mcafee.com/corporate/index?page=content&id=SB10241","https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html","https://security.gentoo.org/glsa/201805-14","https://usn.ubuntu.com/3658-1/","https://usn.ubuntu.com/3658-2/","https://www.debian.org/security/2018/dsa-4208","https://www.exploit-db.com/exploits/44806/","https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"],"published_time":"2018-05-23T13:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-1126","summary":"procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues.
This flaw is related to CVE-2018-1124.","cvss":4.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":4.8,"epss":0.0049,"ranking_epss":0.65527,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html","http://seclists.org/oss-sec/2018/q2/122","http://www.securityfocus.com/bid/104214","http://www.securitytracker.com/id/1041057","https://access.redhat.com/errata/RHSA-2018:1700","https://access.redhat.com/errata/RHSA-2018:1777","https://access.redhat.com/errata/RHSA-2018:1820","https://access.redhat.com/errata/RHSA-2018:2267","https://access.redhat.com/errata/RHSA-2018:2268","https://access.redhat.com/errata/RHSA-2019:1944","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html","https://usn.ubuntu.com/3658-1/","https://usn.ubuntu.com/3658-2/","https://www.debian.org/security/2018/dsa-4208","https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"],"published_time":"2018-05-23T13:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-3639","summary":"Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.39422,"ranking_epss":0.9728,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html","http://support.lenovo.com/us/en/solutions/LEN-22133","http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html","http://www.openwall.com/lists/oss-security/2020/06/10/1","http://www.openwall.com/lists/oss-security/2020/06/10/2","http://www.openwall.com/lists/oss-security/2020/06/10/5","http://www.securityfocus.com/bid/104232","http://www.securitytracker.com/id/1040949","http://www.securitytracker.com/id/1042004","http://xenbits.xen.org/xsa/advisory-263.html","https://access.redhat.com/errata/RHSA-2018:1629","https://access.redhat.com/errata/RHSA-2018:1630","https://access.redhat.com/errata/RHSA-2018:1632","https://access.redhat.com/errata/RHSA-2018:1633","https://access.redhat.com/errata/RHSA-2018:1635","https://access.redhat.com/errata/RHSA-2018:1636","https://access.redhat.com/errata/RHSA-2018:1637","https://access.redhat.com/errata/RHSA-2018:1638","https://access.redhat.com/errata/RHSA-2018:1639","https://access.redhat.com/errata/RHSA-2018:1640","https://access.redhat.com/errata/RHSA-2018:1641","https://access.redhat.com/errata/RHSA-2018:1642","https://access.redhat.com/errata/RHSA-2018:1643","https://access.redhat.com/errata/RHSA-2018:1644","https://access.redhat.com/errata/RHSA-2018:1645","https://access.redhat.com/errata/RHSA-2018:1646","https://access.redhat.com/errata/RHSA-2018:1647","https://access.redhat.com/errata/RHSA-2018:1648","https://access.redhat.com/errata/RHSA-2018:1649","https://access.redhat.com/errata/RHSA-2018:1650","https://access.redhat.com/errata/RHSA-2018:1651","https://access.redhat.com/errata/RHSA-2018:1652","https://access.redhat.com/errata/RHSA-2018:1653","https://access.redhat.com/errata/RHSA-2018:1654","https://access.redhat.com/errata/RHSA-2018:1655","https://access.redhat.com/errata/RHSA-2018:1656","https://access.redhat.com/errata/RHSA-2018:1657","https://access.redhat.com/errata/RHSA-2018:1658","https://access.redhat.com/errata/RHSA-2018:1659","https://access.redhat.com/errata/RHSA-2018:1660","https://access.redhat.com/errata/RHSA-2018:1661","https://access.redhat.com/errata/RHSA-2018:1662","https://access.redhat.com/errata/RHSA-2018:1663","https://access.redhat.com/errata/RHSA-2018:1664","https://access.redhat.com/errata/RHSA-2018:1665","https://access.redhat.com/errata/RHSA-2018:1666","https://access.redhat.com/errata/RHSA-2018:1667","https://access.redhat.com/errata/RHSA-2018:1668","https://access.redhat.com/errata/RHSA-2018:1669","https://access.redhat.com/errata/RHSA-2018:1674","https://access.redhat.com/errata/RHSA-2018:1675","https://access.redhat.com/errata/RHSA-2018:1676","https://access.redhat.com/errata/RHSA-2018:1686","https://access.redhat.com/errata/RHSA-2018:1688","https://access.redhat.com/errata/RHSA-2018:1689","https://access.redhat.com/errata/RHSA-2018:1690","https://access.redhat.com/errata/RHSA-2018:1696","https://access.redhat.com/errata/RHSA-2018:1710","https://access.redhat.com/errata/RHSA-2018:1711","https://access.redhat.com/errata/RHSA-2018:1737","https://access.redhat.com/errata/RHSA-2018:1738","https://access.redhat.com/errata/RHSA-2018:1826","https://access.redhat.com/errata/RHSA-2018:1854","https://access.redhat.com/errata/RHSA-2018:1965","https://access.redhat.com/errata/RHSA-2018:1967","https://access.redhat.com/errata/RHSA-2018:1997","https://access.redhat.com/errata/RHSA-2018:2001","https://access.redhat.com/errata/RHSA-2018:2003","https://access.redhat.com/errata/RHSA-2018:2006","https://access.redhat.com/errata/RHSA-2018:2060","https://access.redhat.com/errata/RHSA-2018:2161","https://access.redhat.com/errata/RHSA-2018:2162","https://access.redhat.com/errata/RHSA-2018:2164","https://access.redhat.com/errata/RHSA-2018:2171","https://access.redhat.com/errata/RHSA-2018:2172","https://access.redhat.com/errata/RHSA-2018:2216","https://access.redhat.com/errata/RHSA-2018:2228","https://access.redhat.com/errata/RHSA-2018:2246","https://access.redhat.com/errata/RHSA-2018:2250","https://access.redhat.com/errata/RHSA-2018:2258","https://access.redhat.com/errata/RHSA-2018:2289","https://access.redhat.com/errata/RHSA-2018:2309","https://access.redhat.com/errata/RHSA-2018:2328","https://access.redhat.com/errata/RHSA-2018:2363","https://access.redhat.com/errata/RHSA-2018:2364","https://access.redhat.com/errata/RHSA-2018:2387","https://access.redhat.com/errata/RHSA-2018:2394","https://access.redhat.com/errata/RHSA-2018:2396","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3396","https://access.redhat.com/errata/RHSA-2018:3397","https://access.redhat.com/errata/RHSA-2018:3398","https://access.redhat.com/errata/RHSA-2018:3399","https://access.redhat.com/errata/RHSA-2018:3400","https://access.redhat.com/errata/RHSA-2018:3401","https://access.redhat.com/errata/RHSA-2018:3402","https://access.redhat.com/errata/RHSA-2018:3407","https://access.redhat.com/errata/RHSA-2018:3423","https://access.redhat.com/errata/RHSA-2018:3424","https://access.redhat.com/errata/RHSA-2018:3425","https://access.redhat.com/errata/RHSA-2019:0148","https://access.redhat.com/errata/RHSA-2019:1046","https://bugs.chromium.org/p/project-zero/issues/detail?id=1528","https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf","https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf","https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00038.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","https://nvidia.custhelp.com/app/answers/detail/a_id/4787","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012","https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0004","https://seclists.org/bugtraq/2019/Jun/36","https://security.netapp.com/advisory/ntap-20180521-0001/","https://support.citrix.com/article/CTX235225","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03850en_us","https://support.oracle.com/knowledge/Sun%20Microsystems/2481872_1.html","https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180521-cpusidechannel","https://usn.ubuntu.com/3651-1/","https://usn.ubuntu.com/3652-1/","https://usn.ubuntu.com/3653-1/","https://usn.ubuntu.com/3653-2/","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3655-1/","https://usn.ubuntu.com/3655-2/","https://usn.ubuntu.com/3679-1/","https://usn.ubuntu.com/3680-1/","https://usn.ubuntu.com/3756-1/","https://usn.ubuntu.com/3777-3/","https://www.debian.org/security/2018/dsa-4210","https://www.debian.org/security/2018/dsa-4273","https://www.exploit-db.com/exploits/44695/","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html","https://www.kb.cert.org/vuls/id/180049","https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0006","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.synology.com/support/security/Synology_SA_18_23","https://www.us-cert.gov/ncas/alerts/TA18-141A"],"published_time":"2018-05-22T12:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-4944","summary":"Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.24003,"ranking_epss":0.9601,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104101","http://www.securitytracker.com/id/1040840","https://access.redhat.com/errata/RHSA-2018:1367","https://helpx.adobe.com/security/products/flash-player/apsb18-16.html","https://security.gentoo.org/glsa/201806-02"],"published_time":"2018-05-19T17:29:01","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-11236","summary":"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code
execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00965,"ranking_epss":0.76523,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104255","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://security.netapp.com/advisory/ntap-20190329-0001/","https://security.netapp.com/advisory/ntap-20190401-0001/","https://sourceware.org/bugzilla/show_bug.cgi?id=22786","https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5460617d1567657621107d895ee2dd83bc1f88f2","https://usn.ubuntu.com/4416-1/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-05-18T16:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-11237","summary":"An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00797,"ranking_epss":0.73972,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104256","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://security.netapp.com/advisory/ntap-20190329-0001/","https://security.netapp.com/advisory/ntap-20190401-0001/","https://sourceware.org/bugzilla/show_bug.cgi?id=23196","https://usn.ubuntu.com/4416-1/","https://www.exploit-db.com/exploits/44750/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-05-18T16:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-1111","summary":"DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client.
A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.9,"cvss_v3":7.5,"epss":0.89183,"ranking_epss":0.99529,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104195","http://www.securitytracker.com/id/1040912","https://access.redhat.com/errata/RHSA-2018:1453","https://access.redhat.com/errata/RHSA-2018:1454","https://access.redhat.com/errata/RHSA-2018:1455","https://access.redhat.com/errata/RHSA-2018:1456","https://access.redhat.com/errata/RHSA-2018:1457","https://access.redhat.com/errata/RHSA-2018:1458","https://access.redhat.com/errata/RHSA-2018:1459","https://access.redhat.com/errata/RHSA-2018:1460","https://access.redhat.com/errata/RHSA-2018:1461","https://access.redhat.com/errata/RHSA-2018:1524","https://access.redhat.com/security/vulnerabilities/3442151","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1111","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDCLLCHYFFXW354HMB5QBXOQOY5BH2EJ/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDJA4QRR74TMXW34Q3DYYFPVBYRTJBI7/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMTTB54QNTPD2SK6UL32EVQHMZP6BUUD/","https://www.exploit-db.com/exploits/44652/","https://www.exploit-db.com/exploits/44890/","https://www.tenable.com/security/tns-2018-10"],"published_time":"2018-05-17T16:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-11212","summary":"An issue was discovered in libjpeg 9a and 9d.
The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01902,"ranking_epss":0.83195,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html","http://www.ijg.org/","http://www.securityfocus.com/bid/106583","https://access.redhat.com/errata/RHSA-2019:0469","https://access.redhat.com/errata/RHSA-2019:0472","https://access.redhat.com/errata/RHSA-2019:0473","https://access.redhat.com/errata/RHSA-2019:0474","https://access.redhat.com/errata/RHSA-2019:0640","https://access.redhat.com/errata/RHSA-2019:1238","https://access.redhat.com/errata/RHSA-2019:2052","https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a","https://github.com/zzyyrr/divide-by-zero-in-libjpeg-9d.git","https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","https://security.netapp.com/advisory/ntap-20190118-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03958en_us","https://usn.ubuntu.com/3706-1/","https://usn.ubuntu.com/3706-2/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"],"published_time":"2018-05-16T17:29:00","vendor":null,"product":null,"version":null},
{"cve_id":"CVE-2018-1087","summary":"The Linux kernel's KVM hypervisor, before kernel versions 4.16, 4.16-rc7, 4.17-rc1, 4.17-rc2 and 4.17-rc3, is vulnerable to a flaw in the way it handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions; instead, they are delivered once the first instruction after the stack switch is executed.
An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.","cvss":8.0,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.0,"epss":0.00038,"ranking_epss":0.11494,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/05/08/5","http://www.securityfocus.com/bid/104127","http://www.securitytracker.com/id/1040862","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1345","https://access.redhat.com/errata/RHSA-2018:1347","https://access.redhat.com/errata/RHSA-2018:1348","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:1524","https://access.redhat.com/security/vulnerabilities/pop_ss","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087","https://usn.ubuntu.com/3641-1/","https://usn.ubuntu.com/3641-2/","https://www.debian.org/security/2018/dsa-4196","http://www.openwall.com/lists/oss-security/2018/05/08/5","http://www.securityfocus.com/bid/104127","http://www.securitytracker.com/id/1040862","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1345","https://access.redhat.com/errata/RHSA-2018:1347","https://access.redhat.com/errata/RHSA-2018:1348","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:1524","https://access.redhat.com/security/vulnerabilities/pop_ss","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1087","https://usn.ubuntu.com/3641-1/","https://usn.ubuntu.com/3641-2/","https://www.debian.org/security/2018/dsa-4196"],"published_time":"2018-05-15T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10998","summary":"An issue was discovered in Exiv2 0.26. 
readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00915,"ranking_epss":0.75845,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/303","https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html","https://security.gentoo.org/glsa/201811-14","https://usn.ubuntu.com/3700-1/","https://www.debian.org/security/2018/dsa-4238","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/303","https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html","https://security.gentoo.org/glsa/201811-14","https://usn.ubuntu.com/3700-1/","https://www.debian.org/security/2018/dsa-4238"],"published_time":"2018-05-12T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1118","summary":"Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. 
This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.","cvss":2.3,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":2.3,"epss":0.00108,"ranking_epss":0.29159,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3762-1/","https://usn.ubuntu.com/3762-2/","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://usn.ubuntu.com/3762-1/","https://usn.ubuntu.com/3762-2/"],"published_time":"2018-05-10T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-18267","summary":"The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by 
pdftops.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00274,"ranking_epss":0.50854,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.freedesktop.org/show_bug.cgi?id=103238","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html","https://usn.ubuntu.com/3647-1/","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.freedesktop.org/show_bug.cgi?id=103238","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html","https://usn.ubuntu.com/3647-1/"],"published_time":"2018-05-10T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1130","summary":"Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system 
calls.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00045,"ranking_epss":0.14098,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:1854","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2","https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://marc.info/?l=linux-netdev&m=152036596825220&w=2","https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://access.redhat.com/errata/RHSA-2018:1854","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2","https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html","https://marc.info/?l=linux-netdev&m=152036596825220&w=2","https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","
https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/"],"published_time":"2018-05-10T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1089","summary":"389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.14569,"ranking_epss":0.94443,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104137","https://access.redhat.com/errata/RHSA-2018:1364","https://access.redhat.com/errata/RHSA-2018:1380","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","http://www.securityfocus.com/bid/104137","https://access.redhat.com/errata/RHSA-2018:1364","https://access.redhat.com/errata/RHSA-2018:1380","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"],"published_time":"2018-05-09T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8897","summary":"A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. 
The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.24796,"ranking_epss":0.96125,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9","http://openwall.com/lists/oss-security/2018/05/08/1","http://openwall.com/lists/oss-security/2018/05/08/4","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en","http://www.securityfocus.com/bid/104071","http://www.securitytracker.com/id/1040744","http://www.securitytracker.com/id/1040849","http://www.securitytracker.com/id/1040861","http://www.securitytracker.com/id/1040866","http://www.securitytracker.com/id/1040882","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1319","https://access.redhat.com/errata/RHSA-2018:1345","https://access.redhat.com/errata/RHSA-2018:1346","https://access.redhat.com/errata/RHSA-2018:1347","https://access.redhat.com/errata/RHSA-2018:1348","https://access.redhat.com/errata/RHSA-2018:1349","https://access.redhat.com/errata/RHSA-2018:1350","https://access.redhat.com/errata/RHSA
-2018:1351","https://access.redhat.com/errata/RHSA-2018:1352","https://access.redhat.com/errata/RHSA-2018:1353","https://access.redhat.com/errata/RHSA-2018:1354","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:1524","https://bugzilla.redhat.com/show_bug.cgi?id=1567074","https://github.com/can1357/CVE-2018-8897/","https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html","https://patchwork.kernel.org/patch/10386677/","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897","https://security.netapp.com/advisory/ntap-20180927-0002/","https://support.apple.com/HT208742","https://support.citrix.com/article/CTX234679","https://svnweb.freebsd.org/base?view=revision&revision=333368","https://usn.ubuntu.com/3641-1/","https://usn.ubuntu.com/3641-2/","https://www.debian.org/security/2018/dsa-4196","https://www.debian.org/security/2018/dsa-4201","https://www.exploit-db.com/exploits/44697/","https://www.exploit-db.com/exploits/45024/","https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc","https://www.kb.cert.org/vuls/id/631579","https://www.synology.com/support/security/Synology_SA_18_21","https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html","https://xenbits.xen.org/xsa/advisory-260.html","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9","http://openwall.com/lists/oss-security/2018/05/08/1","http://openwall.com/lists/oss-security/2018/05/08/4","http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en","http://www.securityfocus.com/bid
/104071","http://www.securitytracker.com/id/1040744","http://www.securitytracker.com/id/1040849","http://www.securitytracker.com/id/1040861","http://www.securitytracker.com/id/1040866","http://www.securitytracker.com/id/1040882","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1319","https://access.redhat.com/errata/RHSA-2018:1345","https://access.redhat.com/errata/RHSA-2018:1346","https://access.redhat.com/errata/RHSA-2018:1347","https://access.redhat.com/errata/RHSA-2018:1348","https://access.redhat.com/errata/RHSA-2018:1349","https://access.redhat.com/errata/RHSA-2018:1350","https://access.redhat.com/errata/RHSA-2018:1351","https://access.redhat.com/errata/RHSA-2018:1352","https://access.redhat.com/errata/RHSA-2018:1353","https://access.redhat.com/errata/RHSA-2018:1354","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:1524","https://bugzilla.redhat.com/show_bug.cgi?id=1567074","https://github.com/can1357/CVE-2018-8897/","https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html","https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html","https://patchwork.kernel.org/patch/10386677/","https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897","https://security.netapp.com/advisory/ntap-20180927-0002/","https://support.apple.com/HT208742","https://support.citrix.com/article/CTX234679","https://svnweb.freebsd.org/base?view=revision&revision=333368","https://usn.ubuntu.com/3641-1/","https://usn.ubuntu.com/3641-2/","https://www.debian.org/security/2018/dsa-4196","https://www.debian.org/security/2018/dsa-4201","https://www.exploit-db.com/exploits/44697/","https://www.exploit-db.
com/exploits/45024/","https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc","https://www.kb.cert.org/vuls/id/631579","https://www.synology.com/support/security/Synology_SA_18_21","https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html","https://xenbits.xen.org/xsa/advisory-260.html"],"published_time":"2018-05-08T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10767","summary":"There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00854,"ranking_epss":0.7491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=1575188","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=1575188"],"published_time":"2018-05-06T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10768","summary":"There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. 
Later Ubuntu packages such as for Poppler 0.41.0 are not affected.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01853,"ranking_epss":0.82966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.freedesktop.org/show_bug.cgi?id=106408","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://usn.ubuntu.com/3647-1/","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugs.freedesktop.org/show_bug.cgi?id=106408","https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html","https://usn.ubuntu.com/3647-1/"],"published_time":"2018-05-06T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-0494","summary":"GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \\r\\n sequence in a continuation 
line.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.70791,"ranking_epss":0.98688,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104129","http://www.securitytracker.com/id/1040838","https://access.redhat.com/errata/RHSA-2018:3052","https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd","https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html","https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html","https://savannah.gnu.org/bugs/?53763","https://security.gentoo.org/glsa/201806-01","https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt","https://usn.ubuntu.com/3643-1/","https://usn.ubuntu.com/3643-2/","https://www.debian.org/security/2018/dsa-4195","https://www.exploit-db.com/exploits/44601/","http://www.securityfocus.com/bid/104129","http://www.securitytracker.com/id/1040838","https://access.redhat.com/errata/RHSA-2018:3052","https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd","https://lists.debian.org/debian-lts-announce/2018/05/msg00006.html","https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html","https://savannah.gnu.org/bugs/?53763","https://security.gentoo.org/glsa/201806-01","https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt","https://usn.ubuntu.com/3643-1/","https://usn.ubuntu.com/3643-2/","https://www.debian.org/security/2018/dsa-4195","https://www.exploit-db.com/exploits/44601/"],"published_time":"2018-05-06T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10733","summary":"There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. 
A crafted input will lead to a remote denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00799,"ranking_epss":0.73991,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=1574844","http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00005.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3140","https://access.redhat.com/errata/RHSA-2018:3505","https://bugzilla.redhat.com/show_bug.cgi?id=1574844"],"published_time":"2018-05-04T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10675","summary":"The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system 
calls.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00037,"ranking_epss":0.11283,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99","http://www.securityfocus.com/bid/104093","https://access.redhat.com/errata/RHSA-2018:2164","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018:2785","https://access.redhat.com/errata/RHSA-2018:2791","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2925","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://usn.ubuntu.com/3754-1/","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9","https://www.oracle.com/security-alerts/cpujul2020.html","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99","http://www.securityfocus.com/bid/104093","https://access.redhat.com/errata/RHSA-2018:2164","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018:2785","https://access.redhat.com/errata/RHSA-2018:2791","https://access.redhat.com/errata/RHSA-2018:2924","https://access.redhat.com/errata/RHSA-2018:2925","https://access.redhat.com/errata/RHSA-2018:2933","https://access.redhat.com/errata/RHSA-2018:3540","https://access.redhat.com/errata/RHSA-2018:3586","https://access.redhat.com/errata/RHSA-2018:3590","https://github.com/torvalds/linux/commit/73223e4e2
e3867ebf033a5a8eb2e5df0158ccc99","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://usn.ubuntu.com/3754-1/","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2018-05-02T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10583","summary":"An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.71895,"ranking_epss":0.98732,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/fulldisclosure/2020/Oct/26","http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/","https://access.redhat.com/errata/RHSA-2018:3054","https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E","https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a39d%40%3Cdev.openoffice.apache.org%3E","https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909%40%3Cdev.openoffice.apache.org%3E","https://security-tracker.debian.org/tracker/CVE-2018-10583","https://usn.ubuntu.com/3883-1/","https://www.exploit-db.com/exploits/44564/","http://seclists.org/fulldisclosure/2020/Oct/26","http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/","https://access.redhat.com/errata/RHSA-2018:3054","https://lists.apache.org/thread.html/0598708912978b27121b2e380b44a225c706aca882cd1da6a955a0af%40%3Cdev.openoffice.apache.org%3E","https://lists.apache.org/thread.html/6c65f22306c36c95e75f8d2b7f49cfcbeb0a4614245c20934612a
39d%40%3Cdev.openoffice.apache.org%3E","https://lists.apache.org/thread.html/c8fd59ac77b42aac90eb5c59b87f3ab59b5e0c3bfb4819aa649a2909%40%3Cdev.openoffice.apache.org%3E","https://security-tracker.debian.org/tracker/CVE-2018-10583","https://usn.ubuntu.com/3883-1/","https://www.exploit-db.com/exploits/44564/"],"published_time":"2018-05-01T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10534","summary":"The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00469,"ranking_epss":0.64505,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104025","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23110","https://usn.ubuntu.com/4336-1/","http://www.securityfocus.com/bid/104025","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23110","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-04-29T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10535","summary":"The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a 
\"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00147,"ranking_epss":0.35224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104021","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23113","https://usn.ubuntu.com/4336-1/","http://www.securityfocus.com/bid/104021","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23113","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-04-29T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10372","summary":"process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by 
readelf.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00422,"ranking_epss":0.62037,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103976","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23064","https://usn.ubuntu.com/4336-1/","http://www.securityfocus.com/bid/103976","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23064","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-04-25T09:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10373","summary":"concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.01071,"ranking_epss":0.77708,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104000","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23065","https://usn.ubuntu.com/4336-1/","http://www.securityfocus.com/bid/104000","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201908-01","https://sourceware.org/bugzilla/show_bug.cgi?id=23065","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-04-25T09:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2885","summary":"An exploitable 
stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.08547,"ranking_epss":0.92369,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html","http://seclists.org/fulldisclosure/2020/Dec/3","http://www.securityfocus.com/bid/100258","https://access.redhat.com/errata/RHSA-2017:2459","https://www.debian.org/security/2017/dsa-3929","https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392","http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html","http://seclists.org/fulldisclosure/2020/Dec/3","http://www.securityfocus.com/bid/100258","https://access.redhat.com/errata/RHSA-2017:2459","https://www.debian.org/security/2017/dsa-3929","https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392"],"published_time":"2018-04-24T19:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10322","summary":"The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs 
image.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.00051,"ranking_epss":0.16059,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103960","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199377","https://usn.ubuntu.com/4578-1/","https://usn.ubuntu.com/4579-1/","https://www.spinics.net/lists/linux-xfs/msg17215.html","http://www.securityfocus.com/bid/103960","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199377","https://usn.ubuntu.com/4578-1/","https://usn.ubuntu.com/4579-1/","https://www.spinics.net/lists/linux-xfs/msg17215.html"],"published_time":"2018-04-24T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1106","summary":"An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. 
A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00027,"ranking_epss":0.07436,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/04/23/3","https://access.redhat.com/errata/RHSA-2018:1224","https://bugzilla.redhat.com/show_bug.cgi?id=1565992","https://usn.ubuntu.com/3634-1/","https://www.debian.org/security/2018/dsa-4207","http://www.openwall.com/lists/oss-security/2018/04/23/3","https://access.redhat.com/errata/RHSA-2018:1224","https://bugzilla.redhat.com/show_bug.cgi?id=1565992","https://usn.ubuntu.com/3634-1/","https://www.debian.org/security/2018/dsa-4207"],"published_time":"2018-04-23T20:29:14","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8781","summary":"The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel 
space.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00101,"ranking_epss":0.2799,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://patchwork.freedesktop.org/patch/211845/","https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3674-1/","https://usn.ubuntu.com/3674-2/","https://usn.ubuntu.com/3677-1/","https://usn.ubuntu.com/3677-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://patchwork.freedesktop.org/patch/211845/","https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3674-1/","https://usn.ubuntu.com/3674-2/","https://usn.ubuntu.com/3677-1/","https://usn.ubuntu.com/3677-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188"],"published_time":"2018-04-23T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-17833","summary":"OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution 
vulnerability.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00844,"ranking_epss":0.74735,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://support.lenovo.com/us/en/solutions/LEN-18247","https://access.redhat.com/errata/RHSA-2018:2240","https://access.redhat.com/errata/RHSA-2018:2308","https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html","https://security.gentoo.org/glsa/202005-12","https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/","https://usn.ubuntu.com/3708-1/","http://support.lenovo.com/us/en/solutions/LEN-18247","https://access.redhat.com/errata/RHSA-2018:2240","https://access.redhat.com/errata/RHSA-2018:2308","https://lists.debian.org/debian-lts-announce/2018/04/msg00029.html","https://security.gentoo.org/glsa/202005-12","https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/","https://usn.ubuntu.com/3708-1/"],"published_time":"2018-04-23T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2811","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":7.7,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":7.7,"epss":0.00161,"ranking_epss":0.37121,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103810","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103810","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2813","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"epss":0.00307,"ranking_epss":0.53876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103830","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103830","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":n
ull,"version":null},{"cve_id":"CVE-2018-2814","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"epss":0.00454,"ranking_epss":0.63784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103798","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103798","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access
.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2815","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00693,"ranking_epss":0.7183,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103848","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103848","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.
redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2817","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00265,"ranking_epss":0.49927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103818","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103818","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":n
ull,"version":null},{"cve_id":"CVE-2018-2819","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":6.5,"epss":0.00265,"ranking_epss":0.49927,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103814","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103814","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.co
m/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2783","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"epss":0.00492,"ranking_epss":0.65613,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103832","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103832","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&d
ocId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2790","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).","cvss":3.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":3.1,"epss":0.00239,"ranking_epss":0.46935,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103877","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103877","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access
.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2794","summary":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":7.7,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":7.7,"epss":0.00047,"ranking_epss":0.14491,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103817","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&doc
Id=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103817","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2795","summary":"Vulnerability in the Java SE, Java SE Embedded, 
JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00101,"ranking_epss":0.28002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103847","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:
1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103847","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/
display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2796","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00293,"ranking_epss":0.52563,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103868","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103868","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access
.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2797","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00101,"ranking_epss":0.28002,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103846","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa
-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103846","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2798","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00179,"ranking_epss":0.39548,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103841","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Stru
xureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103841","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.d
ebian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2799","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00123,"ranking_epss":0.31535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103872","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E","https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E","https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/
2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103872","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73%40%3Cj-users.xerces.apache.org%3E","https://lists.apache.org/thread.html/b53d4601ecd9ec63c799dbe1bc5b78e0d52f4cef429da2dfe63cf06d%40%3Cfop-dev.xmlgraphics.apache.org%3E","https://lists.apache.org/thread.html/r449b5d89c7b2ba3762584cf6c38e01867d4b24706e023cf2a9911307%40%3Cuser.spark.apache.org%3E","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-28
00","summary":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).","cvss":4.2,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.2,"epss":0.00316,"ranking_epss":0.54693,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103849","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/e
rrata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103849","http://www.securitytracker.com/id/1040697","https://access.redhat.com/errata/RHSA-2018:1188","https://access.redhat.com/errata/RHSA-2018:1191","https://access.redhat.com/errata/RHSA-2018:1201","https://access.redhat.com/errata/RHSA-2018:1202","https://access.redhat.com/errata/RHSA-2018:1203","https://access.redhat.com/errata/RHSA-2018:1204","https://access.redhat.com/errata/RHSA-2018:1205","https://access.redhat.com/errata/RHSA-2018:1206","https://access.redhat.com/errata/RHSA-2018:1270","https://access.redhat.com/errata/RHSA-2018:1278","https://access.redhat.com/errata/RHSA-2018:1721","https://access.redhat.com/errata/RHSA-2018:1722","https://access.redhat.com/errata/RHSA-2018:1723","https://access.redhat.com/errata/RHSA-2018:1724","https://access.redhat.com/errata/RHSA-2018:1974","https://access.redhat.com/errata/RHSA-2018:1975","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.gentoo.org/glsa/201903-14","https://security.netapp.com/advisory/ntap-20180419-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03857en_us","https://support.hpe.com/
hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03915en_us","https://usn.ubuntu.com/3644-1/","https://usn.ubuntu.com/3691-1/","https://www.debian.org/security/2018/dsa-4185","https://www.debian.org/security/2018/dsa-4225"],"published_time":"2018-04-19T02:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2771","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.4,"cvss_version":3.0,"cvss_v2":3.5,"cvss_v3":4.4,"epss":0.00151,"ranking_epss":0.3588,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103828","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/techne
twork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103828","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2781","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).","cvss":4.9,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.9,"epss":0.00144,"ranking_epss":0.34801,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103825","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103825","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:02","vendor":null,"product":n
ull,"version":null},{"cve_id":"CVE-2018-2755","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":7.7,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":7.7,"epss":0.00208,"ranking_epss":0.43131,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103807","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103807","http://www.securitytracker.com/id/1040698"
,"https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2761","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00267,"ranking_epss":0.50139,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103820","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.securityfocus.com/bid/103820","http://www.securitytracker.com/id/1040698","https://access.redhat.com/errata/RHSA-2018:1254","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2018:3655","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.gentoo.org/glsa/201908-24","https://security.netapp.com/advisory/ntap-20180419-0002/","https://usn.ubuntu.com/3629-1/","https://usn.ubuntu.com/3629-2/","https://usn.ubuntu.com/3629-3/","https://www.debian.org/security/2018/dsa-4176","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-04-19T02:29:01","vendor":null,"product":n
ull,"version":null},{"cve_id":"CVE-2018-10194","summary":"The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00648,"ranking_epss":0.70731,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879","http://www.securitytracker.com/id/1040729","https://access.redhat.com/errata/RHSA-2018:2918","https://bugs.ghostscript.com/show_bug.cgi?id=699255","https://lists.debian.org/debian-lts-announce/2018/04/msg00028.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3636-1/","http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=39b1e54b2968620723bf32e96764c88797714879","http://www.securitytracker.com/id/1040729","https://access.redhat.com/errata/RHSA-2018:2918","https://bugs.ghostscript.com/show_bug.cgi?id=699255","https://lists.debian.org/debian-lts-announce/2018/04/msg00028.html","https://security.gentoo.org/glsa/201811-12","https://usn.ubuntu.com/3636-1/"],"published_time":"2018-04-18T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1088","summary":"A privilege escalation flaw was found in gluster 3.x snapshot scheduler. 
Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.10782,"ranking_epss":0.93329,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:1136","https://access.redhat.com/errata/RHSA-2018:1137","https://access.redhat.com/errata/RHSA-2018:1275","https://access.redhat.com/errata/RHSA-2018:1524","https://bugzilla.redhat.com/show_bug.cgi?id=1558721","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06","http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html","https://access.redhat.com/errata/RHSA-2018:1136","https://access.redhat.com/errata/RHSA-2018:1137","https://access.redhat.com/errata/RHSA-2018:1275","https://access.redhat.com/errata/RHSA-2018:1524","https://bugzilla.redhat.com/show_bug.cgi?id=1558721","https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html","https://security.gentoo.org/glsa/201904-06"],"published_time":"2018-04-18T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6797","summary":"An issue was discovered in Perl 5.18 through 5.26. 
A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01475,"ranking_epss":0.80919,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040681","http://www.securitytracker.com/id/1042004","https://access.redhat.com/errata/RHSA-2018:1192","https://rt.perl.org/Public/Bug/Display.html?id=132227","https://security.gentoo.org/glsa/201909-01","https://usn.ubuntu.com/3625-1/","https://www.debian.org/security/2018/dsa-4172","https://www.oracle.com/security-alerts/cpujul2020.html","http://www.securitytracker.com/id/1040681","http://www.securitytracker.com/id/1042004","https://access.redhat.com/errata/RHSA-2018:1192","https://rt.perl.org/Public/Bug/Display.html?id=132227","https://security.gentoo.org/glsa/201909-01","https://usn.ubuntu.com/3625-1/","https://www.debian.org/security/2018/dsa-4172","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2018-04-17T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6798","summary":"An issue was discovered in Perl 5.22 through 5.26. 
Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01603,"ranking_epss":0.81671,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://rt.perl.org/Public/Bug/Display.html?id=132063","https://security.gentoo.org/glsa/201909-01","https://usn.ubuntu.com/3625-1/","https://www.debian.org/security/2018/dsa-4172","https://www.oracle.com/security-alerts/cpujul2020.html","http://www.securitytracker.com/id/1040681","https://access.redhat.com/errata/RHSA-2018:1192","https://rt.perl.org/Public/Bug/Display.html?id=132063","https://security.gentoo.org/glsa/201909-01","https://usn.ubuntu.com/3625-1/","https://www.debian.org/security/2018/dsa-4172","https://www.oracle.com/security-alerts/cpujul2020.html"],"published_time":"2018-04-17T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10119","summary":"sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file 
format.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00545,"ranking_epss":0.67741,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3054","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747","https://gerrit.libreoffice.org/#/c/48751/","https://gerrit.libreoffice.org/#/c/48756/","https://gerrit.libreoffice.org/#/c/48757/","https://gerrit.libreoffice.org/#/c/48758/","https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=fdd41c995d1f719e92c6f083e780226114762f05","https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html","https://usn.ubuntu.com/3883-1/","https://www.debian.org/security/2018/dsa-4178","https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/","https://access.redhat.com/errata/RHSA-2018:3054","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747","https://gerrit.libreoffice.org/#/c/48751/","https://gerrit.libreoffice.org/#/c/48756/","https://gerrit.libreoffice.org/#/c/48757/","https://gerrit.libreoffice.org/#/c/48758/","https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=fdd41c995d1f719e92c6f083e780226114762f05","https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html","https://usn.ubuntu.com/3883-1/","https://www.debian.org/security/2018/dsa-4178","https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/"],"published_time":"2018-04-16T09:58:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-10120","summary":"The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word 
record.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00499,"ranking_epss":0.65876,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3054","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173","https://gerrit.libreoffice.org/#/c/49486/","https://gerrit.libreoffice.org/#/c/49499/","https://gerrit.libreoffice.org/#/c/49500/","https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=017fcc2fcd00af17a97bd5463d89662404f57667","https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html","https://usn.ubuntu.com/3883-1/","https://www.debian.org/security/2018/dsa-4178","https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/","https://access.redhat.com/errata/RHSA-2018:3054","https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173","https://gerrit.libreoffice.org/#/c/49486/","https://gerrit.libreoffice.org/#/c/49499/","https://gerrit.libreoffice.org/#/c/49500/","https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=commit%3Bh=017fcc2fcd00af17a97bd5463d89662404f57667","https://lists.debian.org/debian-lts-announce/2018/04/msg00021.html","https://usn.ubuntu.com/3883-1/","https://www.debian.org/security/2018/dsa-4178","https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/"],"published_time":"2018-04-16T09:58:10","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1084","summary":"corosync before version 2.4.4 is vulnerable to an integer overflow in 
exec/totemcrypto.c.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.5,"epss":0.00311,"ranking_epss":0.54271,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103758","https://access.redhat.com/errata/RHSA-2018:1169","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084","https://security.gentoo.org/glsa/202107-01","https://usn.ubuntu.com/4000-1/","https://www.debian.org/security/2018/dsa-4174","http://www.securityfocus.com/bid/103758","https://access.redhat.com/errata/RHSA-2018:1169","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084","https://security.gentoo.org/glsa/202107-01","https://usn.ubuntu.com/4000-1/","https://www.debian.org/security/2018/dsa-4174"],"published_time":"2018-04-12T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1100","summary":"zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another 
user.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.00068,"ranking_epss":0.21093,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:1932","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1563395","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/","https://usn.ubuntu.com/3764-1/","https://access.redhat.com/errata/RHSA-2018:1932","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1563395","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/","https://usn.ubuntu.com/3764-1/"],"published_time":"2018-04-11T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000156","summary":"GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. 
This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.36762,"ranking_epss":0.97123,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html","http://rachelbythebay.com/w/2018/04/05/bangpatch/","https://access.redhat.com/errata/RHSA-2018:1199","https://access.redhat.com/errata/RHSA-2018:1200","https://access.redhat.com/errata/RHSA-2018:2091","https://access.redhat.com/errata/RHSA-2018:2092","https://access.redhat.com/errata/RHSA-2018:2093","https://access.redhat.com/errata/RHSA-2018:2094","https://access.redhat.com/errata/RHSA-2018:2095","https://access.redhat.com/errata/RHSA-2018:2096","https://access.redhat.com/errata/RHSA-2018:2097","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19","https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html","https://savannah.gnu.org/bugs/index.php?53566","https://seclists.org/bugtraq/2019/Aug/29","https://seclists.org/bugtraq/2019/Jul/54","https://security.gentoo.org/glsa/201904-17","https://usn.ubuntu.com/3624-1/","https://usn.ubuntu.com/3624-2/","https://web.archive.org/web/20180405231329/https://twitter.com/kurtseifried/status/982028968877436928","http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html","http://rachelbythebay.com/w/2018/04/05/bangpatch/","https://access.redhat.com/errata/RHSA-2018:1199","https://access.redhat.com/errata/RHSA-2018:1200","https://access.redhat.com/errata/RHSA-2018:2091","https://access.redhat.com/errata/RHSA-2018:2092","https://access.redhat.com/errata/RHSA-2018:2093","https://access.redhat.com/errata/RHSA-2018:2094","https://access.redhat.com/errata/RHSA-2018:2095","https://access.redhat.com/errata/RHSA-2018:2096","https://access.redhat.com/errata/RHSA-2018:2097","https://bugs.deb
ian.org/cgi-bin/bugreport.cgi?bug=894667#19","https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html","https://savannah.gnu.org/bugs/index.php?53566","https://seclists.org/bugtraq/2019/Aug/29","https://seclists.org/bugtraq/2019/Jul/54","https://security.gentoo.org/glsa/201904-17","https://twitter.com/kurtseifried/status/982028968877436928","https://usn.ubuntu.com/3624-1/","https://usn.ubuntu.com/3624-2/"],"published_time":"2018-04-06T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4117","summary":"An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00953,"ranking_epss":0.76362,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/104887","http://www.securitytracker.com/id/1040604","https://access.redhat.com/errata/RHSA-2018:2282","https://security.gentoo.org/glsa/201808-01","https://security.gentoo.org/glsa/201808-04","https://support.apple.com/HT208693","https://support.apple.com/HT208694","https://support.apple.com/HT208695","https://support.apple.com/HT208696","https://support.apple.com/HT208697","https://usn.ubuntu.com/3635-1/","https://www.debian.org/security/2018/dsa-4256","http://www.securityfocus.com/bid/104887","http://www.securitytracker.com/id/1040604","https://access.redhat.com/errata/RHSA-2018:2282","https://security.gentoo.org/glsa/201808-01","https://security.gentoo.org/glsa/201808-04","https://support.apple.com/HT208693","https://support.apple.com/HT208694","https://support.apple.com/HT208695","https://support.apple.com/HT208696","https://s
upport.apple.com/HT208697","https://usn.ubuntu.com/3635-1/","https://www.debian.org/security/2018/dsa-4256"],"published_time":"2018-04-03T06:29:04","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7000","summary":"An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00587,"ranking_epss":0.6907,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/98767","http://www.securityfocus.com/bid/99950","https://access.redhat.com/errata/RHSA-2017:1833","https://security.gentoo.org/glsa/201709-15","https://support.apple.com/HT207797","https://support.apple.com/HT207798","https://www.debian.org/security/2017/dsa-3926","http://www.securityfocus.com/bid/98767","http://www.securityfocus.com/bid/99950","https://access.redhat.com/errata/RHSA-2017:1833","https://security.gentoo.org/glsa/201709-15","https://support.apple.com/HT207797","https://support.apple.com/HT207798","https://www.debian.org/security/2017/dsa-3926"],"published_time":"2018-04-03T06:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1094","summary":"The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 
image.","cvss":5.5,"cvss_version":3.0,"cvss_v2":7.1,"cvss_v3":5.5,"epss":0.00285,"ranking_epss":0.51852,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://openwall.com/lists/oss-security/2018/03/29/1","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199183","https://bugzilla.redhat.com/show_bug.cgi?id=1560788","https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957","https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1","https://usn.ubuntu.com/3695-1/","https://usn.ubuntu.com/3695-2/","http://openwall.com/lists/oss-security/2018/03/29/1","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199183","https://bugzilla.redhat.com/show_bug.cgi?id=1560788","https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957","https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1","https://usn.ubuntu.com/3695-1/","https://usn.ubuntu.com/3695-2/"],"published_time":"2018-04-02T03:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7566","summary":"The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local 
user.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00051,"ranking_epss":0.16199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html","http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html","http://www.securityfocus.com/bid/103605","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2019:1483","https://access.redhat.com/errata/RHSA-2019:1487","https://bugzilla.redhat.com/show_bug.cgi?id=1550142","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3631-1/","https://usn.ubuntu.com/3631-2/","https://usn.ubuntu.com/3798-1/","https://usn.ubuntu.com/3798-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html","http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html","http://www.securityfocus.com/bid/103605","https://access.redhat.com/errata/RHSA-2018:2384","https://access.redhat.com/errata/RHSA-2018:2390","https://access.redhat.com/errata/RHSA-2018:2395","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2019:1483","https://access.redhat.com/errata/RHSA-2019:1487","https://bugzilla.redhat.com/show_bug.cgi?id=1550142","https://git.kernel.org/pub/scm/linux/kernel/g
it/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3631-1/","https://usn.ubuntu.com/3631-2/","https://usn.ubuntu.com/3798-1/","https://usn.ubuntu.com/3798-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-03-30T21:29:02","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1083","summary":"Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. 
If the user affected is privileged, this leads to privilege escalation.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.0009,"ranking_epss":0.25559,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103572","https://access.redhat.com/errata/RHSA-2018:1932","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1557382","https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7","https://usn.ubuntu.com/3608-1/","http://www.securityfocus.com/bid/103572","https://access.redhat.com/errata/RHSA-2018:1932","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1557382","https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7","https://usn.ubuntu.com/3608-1/"],"published_time":"2018-03-28T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1312","summary":"In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. 
In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","cvss":9.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":9.8,"epss":0.0728,"ranking_epss":0.9163,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/03/24/7","http://www.securityfocus.com/bid/103524","http://www.securitytracker.com/id/1040571","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:0366","https://access.redhat.com/errata/RHSA-2019:0367","https://access.redhat.com/errata/RHSA-2019:1898","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://li
sts.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html","https://security.netapp.com/advisory/ntap-20180601-0004/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","https://usn.ubuntu.com/3627-1/","https://usn.ubuntu.com/3627-2/","https://usn.ubuntu.com/3937-2/","https://www.debian.org/security/2018/dsa-4164","https://www.tenable.com/security/tns-2019-09","http://www.openwall.com/lists/oss-security/2018/03/24/7","http://www.securityfocus.com/bid/103524","http://www.securitytracker.com/id/1040571","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:0366","https://access.redhat.com/errata/RHSA-2019:0367","https://access.redhat.com/errata/RHSA-2019:1898","https://httpd.apache.org/security/vulnerabilities_24.html","https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rc998b18880df98baf
aade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E","https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html","https://security.netapp.com/advisory/ntap-20180601-0004/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","https://usn.ubuntu.com/3627-1/","https://usn.ubuntu.com/3627-2/","https://usn.ubuntu.com/3937-2/","https://www.debian.org/security/2018/dsa-4164","https://www.tenable.com/security/tns-2019-09"],"published_time":"2018-03-26T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8976","summary":"In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted 
file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00608,"ranking_epss":0.69634,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/246","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://security.gentoo.org/glsa/201811-14","https://access.redhat.com/errata/RHSA-2019:2101","https://github.com/Exiv2/exiv2/issues/246","https://lists.debian.org/debian-lts-announce/2023/01/msg00004.html","https://security.gentoo.org/glsa/201811-14"],"published_time":"2018-03-25T03:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000140","summary":"rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 
certificate.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.27155,"ranking_epss":0.96359,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html","https://access.redhat.com/errata/RHSA-2018:1223","https://access.redhat.com/errata/RHSA-2018:1225","https://access.redhat.com/errata/RHSA-2018:1701","https://access.redhat.com/errata/RHSA-2018:1702","https://access.redhat.com/errata/RHSA-2018:1703","https://access.redhat.com/errata/RHSA-2018:1704","https://access.redhat.com/errata/RHSA-2018:1707","https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205","https://lgtm.com/rules/1505913226124/","https://security.gentoo.org/glsa/201804-21","https://usn.ubuntu.com/3612-1/","https://www.debian.org/security/2018/dsa-4151","http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html","https://access.redhat.com/errata/RHSA-2018:1223","https://access.redhat.com/errata/RHSA-2018:1225","https://access.redhat.com/errata/RHSA-2018:1701","https://access.redhat.com/errata/RHSA-2018:1702","https://access.redhat.com/errata/RHSA-2018:1703","https://access.redhat.com/errata/RHSA-2018:1704","https://access.redhat.com/errata/RHSA-2018:1707","https://github.com/rsyslog/librelp/blob/532aa362f0f7a8d037505b0a27a1df452f9bac9e/src/tcp.c#L1205","https://lgtm.com/rules/1505913226124/","https://security.gentoo.org/glsa/201804-21","https://usn.ubuntu.com/3612-1/","https://www.debian.org/security/2018/dsa-4151"],"published_time":"2018-03-23T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8945","summary":"The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute 
section.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00184,"ranking_epss":0.40126,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22809","https://usn.ubuntu.com/4336-1/","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22809","https://usn.ubuntu.com/4336-1/"],"published_time":"2018-03-22T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8905","summary":"In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by 
tiff2ps.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.00756,"ranking_epss":0.73223,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugzilla.maptools.org/show_bug.cgi?id=2780","https://access.redhat.com/errata/RHSA-2019:2053","https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow","https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d","https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html","https://usn.ubuntu.com/3864-1/","https://www.debian.org/security/2018/dsa-4349","http://bugzilla.maptools.org/show_bug.cgi?id=2780","https://access.redhat.com/errata/RHSA-2019:2053","https://github.com/halfbitteam/POCs/tree/master/libtiff-4.08_tiff2ps_heap_overflow","https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d","https://lists.debian.org/debian-lts-announce/2018/05/msg00008.html","https://lists.debian.org/debian-lts-announce/2018/05/msg00009.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html","https://usn.ubuntu.com/3864-1/","https://www.debian.org/security/2018/dsa-4349"],"published_time":"2018-03-22T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-8088","summary":"org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 
EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01866,"ranking_epss":0.83024,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103737","http://www.securitytracker.com/id/1040627","https://access.redhat.com/errata/RHSA-2018:0582","https://access.redhat.com/errata/RHSA-2018:0592","https://access.redhat.com/errata/RHSA-2018:0627","https://access.redhat.com/errata/RHSA-2018:0628","https://access.redhat.com/errata/RHSA-2018:0629","https://access.redhat.com/errata/RHSA-2018:0630","https://access.redhat.com/errata/RHSA-2018:1247","https://access.redhat.com/errata/RHSA-2018:1248","https://access.redhat.com/errata/RHSA-2018:1249","https://access.redhat.com/errata/RHSA-2018:1251","https://access.redhat.com/errata/RHSA-2018:1323","https://access.redhat.com/errata/RHSA-2018:1447","https://access.redhat.com/errata/RHSA-2018:1448","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2018:1451","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2018:1575","https://access.redhat.com/errata/RHSA-2018:2143","https://access.redhat.com/errata/RHSA-2018:2419","https://access.redhat.com/errata/RHSA-2018:2420","https://access.redhat.com/errata/RHSA-2018:2669","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2019:2413","https://access.redhat.com/errata/RHSA-2019:3140","https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405","https://jira.qos.ch/browse/SLF4J-430","https://jira.qos.ch/browse/SLF4J-431","https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E","https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f
76c30853044fa%40%3Cdevnull.infra.apache.org%3E","https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E","https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccom
mits.iotdb.apache.org%3E","https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E","https://security.netapp.com/advisory/ntap-20231227-0010/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.slf4j.org/news.html","http://www.securityfocus.com/bid/103737","http://www.securitytracker.com/id/1040627","https://access.redhat.com/errata/RHSA-2018:0582","https://access.redhat.com/errata/RHSA-2018:0592","https://access.redhat.com/errata/RHSA-2018:0627","https://access.redhat.com/errata/RHSA-2018:0628","https:/
/access.redhat.com/errata/RHSA-2018:0629","https://access.redhat.com/errata/RHSA-2018:0630","https://access.redhat.com/errata/RHSA-2018:1247","https://access.redhat.com/errata/RHSA-2018:1248","https://access.redhat.com/errata/RHSA-2018:1249","https://access.redhat.com/errata/RHSA-2018:1251","https://access.redhat.com/errata/RHSA-2018:1323","https://access.redhat.com/errata/RHSA-2018:1447","https://access.redhat.com/errata/RHSA-2018:1448","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2018:1451","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2018:1575","https://access.redhat.com/errata/RHSA-2018:2143","https://access.redhat.com/errata/RHSA-2018:2419","https://access.redhat.com/errata/RHSA-2018:2420","https://access.redhat.com/errata/RHSA-2018:2669","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2019:2413","https://access.redhat.com/errata/RHSA-2019:3140","https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405","https://jira.qos.ch/browse/SLF4J-430","https://jira.qos.ch/browse/SLF4J-431","https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f%40%3Cdevnull.infra.apache.org%3E","https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa%40%3Cdevnull.infra.apache.org%3E","https://lists.apache.org/thread.html/r0f376559fd39cf1a53ac3afbc1fc5d62649dcac9916d4697445a94fa%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r1660c72a660f0522947ca6ce329dcc74e1ee20c58bbe208472754489%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r17e7e6abc53d29c0e269153517d36f4bec2755b95900596e6df15cbe%40%3Cnotifications.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r2d05924f903403927a2f4e78d9b1249a42f0bd09f69a7c1954d74a42%40%3Creviews.iotdb.apache.org%3E","htt
ps://lists.apache.org/thread.html/r32be21da011479df41468a62bc09d12f0d3b4e3a71679d33cb0e8c56%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/r37644f0a00aca9fbcbc21c0f9a91f927b63153ec3607be469cd515e5%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r48247c12cf652e95a01fc94ee5aa8641f3ec481235774790e53eb55e%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/r573eb577a67503e72181eee637d9b0ac042197e632bcdfce76af06a3%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r5cf87a035b297c19f4043a37b73c341576dd92f819bd3e4aa27de541%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/r81711cde77c2c5742b7b8533c978e79771b700af0ef4d3149d70df25%40%3Cnotifications.logging.apache.org%3E","https://lists.apache.org/thread.html/r891761d5014f9ffd79d9737482de832462de538b6c4bdcef21aad729%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread.html/r99a6552e45ca6ba1082031421f51799a4a665eda905ab2c2aa9d6ffa%40%3Cdev.flink.apache.org%3E","https://lists.apache.org/thread.html/r9e25496608036573736cee484d8d03dae400f09e443b0000b6adc042%40%3Ccommits.iotdb.apache.org%3E","https://lists.apache.org/thread.html/raabf1a00b2652575fca9fcb44166a828a0cab97a7d1594001eabc991%40%3Ccommon-issues.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rc378b97d52856f9f3c5ced14771fed8357e4187a3a0f9a2f0515931a%40%3Cissues.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rc7de83170d3402af15bfed3d59f80aea20f250535bdce30e4cad24db%40%3Cissues.flink.apache.org%3E","https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","https://lists.apache.org/thread
.html/rd86db9679150e9297b5c0fcb6f0e80a8b81b54fcf423de5a914bca78%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/re6fb6b0de9d679310437ff87fc94e39da5a14dce9c73864a41837462%40%3Ccommon-commits.hadoop.apache.org%3E","https://lists.apache.org/thread.html/reb3eeb985afdead17fadb7c33d5d472c1015a85ea5c9b038ec77f378%40%3Ccommon-dev.hadoop.apache.org%3E","https://lists.apache.org/thread.html/rf58e1bee31d66665437dde9acd9abed53f8483034b69fa9ca7cde09c%40%3Cdev.zookeeper.apache.org%3E","https://lists.apache.org/thread.html/rfb45527bad7220ada9e30957762e1da254ce405e67cc3ddf6f3558d9%40%3Creviews.iotdb.apache.org%3E","https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264%40%3Ccommon-issues.hadoop.apache.org%3E","https://security.netapp.com/advisory/ntap-20231227-0010/","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/security-alerts/cpuoct2021.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.slf4j.org/news.html"],"published_time":"2018-03-20T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1068","summary":"A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. 
This allowed a privileged user to arbitrarily write to a limited range of kernel memory.","cvss":6.7,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":6.7,"epss":0.00031,"ranking_epss":0.08947,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103459","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/errata/RHSA-2019:1190","https://access.redhat.com/errata/RHSA-2019:4159","https://bugzilla.redhat.com/show_bug.cgi?id=1552048","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6","https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://marc.info/?l=linux-netdev&m=152023808817590&w=2","https://marc.info/?l=linux-netdev&m=152025888924151&w=2","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3674-1/","https://usn.ubuntu.com/3674-2/","https://usn.ubuntu.com/3677-1/","https://usn.ubuntu.com/3677-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","http://www.securityfocus.com/bid/103459","https://access.redhat.com/errata/RHSA-2018:1318","https://access.redhat.com/errata/RHSA-2018:1355","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/errata/RHSA-2019:1190","https://access.redhat.com/errata/RHSA-2019:4159","https://bugzilla.redhat.com/show_bug.cgi?id=1552048","https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b71812168571fa55e44cdd0254471331b9c4c4c6","https://github.com/torvalds/linux/commit/b71812168571fa55e44cdd0254471331b9c4c4c6","https://lists.debian.org
/debian-lts-announce/2018/05/msg00000.html","https://marc.info/?l=linux-netdev&m=152023808817590&w=2","https://marc.info/?l=linux-netdev&m=152025888924151&w=2","https://usn.ubuntu.com/3654-1/","https://usn.ubuntu.com/3654-2/","https://usn.ubuntu.com/3656-1/","https://usn.ubuntu.com/3674-1/","https://usn.ubuntu.com/3674-2/","https://usn.ubuntu.com/3677-1/","https://usn.ubuntu.com/3677-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188"],"published_time":"2018-03-16T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000120","summary":"A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.0154,"ranking_epss":0.81323,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103414","http://www.securitytracker.com/id/1040531","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-9cd6.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://www.oracle.com/technetwork/security-advisory
/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103414","http://www.securitytracker.com/id/1040531","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-9cd6.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2018-03-14T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000121","summary":"A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of 
service","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.03154,"ranking_epss":0.86868,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103415","http://www.securitytracker.com/id/1040529","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-97a2.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103415","http://www.securitytracker.com/id/1040529","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-97a2.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"],"published_time":"2018-03-14T18:29:00","vendor":null,"produ
ct":null,"version":null},{"cve_id":"CVE-2018-1000122","summary":"A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage","cvss":9.1,"cvss_version":3.0,"cvss_v2":6.4,"cvss_v3":9.1,"epss":0.01942,"ranking_epss":0.83387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103436","http://www.securitytracker.com/id/1040530","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-b047.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html","https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/103436","http://www.securitytracker.com/id/1040530","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-b047.html","https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html"
,"https://usn.ubuntu.com/3598-1/","https://usn.ubuntu.com/3598-2/","https://www.debian.org/security/2018/dsa-4136","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"],"published_time":"2018-03-14T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7750","summary":"transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.21328,"ranking_epss":0.95666,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103713","https://access.redhat.com/errata/RHSA-2018:0591","https://access.redhat.com/errata/RHSA-2018:0646","https://access.redhat.com/errata/RHSA-2018:1124","https://access.redhat.com/errata/RHSA-2018:1125","https://access.redhat.com/errata/RHSA-2018:1213","https://access.redhat.com/errata/RHSA-2018:1274","https://access.redhat.com/errata/RHSA-2018:1328","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2018:1972","https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst","https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516","https://github.com/paramiko/paramiko/issues/1175","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://usn.ubuntu.com/3603-1/","https://usn.ubuntu.com/3603-2/","https://www.exploit-db.com/exploits/45712/","http://www.securityfocus.com/bid/103713","https://access.redhat.com/errata/RHSA-2018:059
1","https://access.redhat.com/errata/RHSA-2018:0646","https://access.redhat.com/errata/RHSA-2018:1124","https://access.redhat.com/errata/RHSA-2018:1125","https://access.redhat.com/errata/RHSA-2018:1213","https://access.redhat.com/errata/RHSA-2018:1274","https://access.redhat.com/errata/RHSA-2018:1328","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2018:1972","https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst","https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516","https://github.com/paramiko/paramiko/issues/1175","https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html","https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html","https://usn.ubuntu.com/3603-1/","https://usn.ubuntu.com/3603-2/","https://www.exploit-db.com/exploits/45712/"],"published_time":"2018-03-13T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1050","summary":"All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. 
Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.","cvss":4.3,"cvss_version":3.0,"cvss_v2":3.3,"cvss_v3":4.3,"epss":0.22357,"ranking_epss":0.95797,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103387","http://www.securitytracker.com/id/1040493","https://access.redhat.com/errata/RHSA-2018:1860","https://access.redhat.com/errata/RHSA-2018:1883","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://bugzilla.redhat.com/show_bug.cgi?id=1538771","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html","https://security.gentoo.org/glsa/201805-07","https://security.netapp.com/advisory/ntap-20180313-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us","https://usn.ubuntu.com/3595-1/","https://usn.ubuntu.com/3595-2/","https://www.debian.org/security/2018/dsa-4135","https://www.samba.org/samba/security/CVE-2018-1050.html","http://www.securityfocus.com/bid/103387","http://www.securitytracker.com/id/1040493","https://access.redhat.com/errata/RHSA-2018:1860","https://access.redhat.com/errata/RHSA-2018:1883","https://access.redhat.com/errata/RHSA-2018:2612","https://access.redhat.com/errata/RHSA-2018:2613","https://access.redhat.com/errata/RHSA-2018:3056","https://bugzilla.redhat.com/show_bug.cgi?id=1538771","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/03/msg00024.html","https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html","https://security.gentoo.org/glsa/20
1805-07","https://security.netapp.com/advisory/ntap-20180313-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03834en_us","https://usn.ubuntu.com/3595-1/","https://usn.ubuntu.com/3595-2/","https://www.debian.org/security/2018/dsa-4135","https://www.samba.org/samba/security/CVE-2018-1050.html"],"published_time":"2018-03-13T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7858","summary":"Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00055,"ranking_epss":0.17343,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html","http://www.openwall.com/lists/oss-security/2018/03/09/1","http://www.securityfocus.com/bid/103350","https://access.redhat.com/errata/RHSA-2018:1369","https://access.redhat.com/errata/RHSA-2018:1416","https://access.redhat.com/errata/RHSA-2018:2162","https://bugzilla.redhat.com/show_bug.cgi?id=1553402","https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html","https://usn.ubuntu.com/3649-1/","http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html","http://www.openwall.com/lists/oss-security/2018/03/09/1","http://www.securityfocus.com/bid/103350","https://access.redhat.com/errata/RHSA-2018:1369","https://access.redhat.com/errata/RHSA-2018:1416","https://access.redhat.com/errata/RHSA-2018:2162","https://bugzilla.redhat.com/show_bug.cgi?id=1553402","https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html","https://usn.ubuntu.com/3649-1/"],"published_time":"2018-03-12T21:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-8629","summary":"Red
 Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm.","cvss":6.5,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":6.5,"epss":0.00213,"ranking_epss":0.4387,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0876.html","http://www.securityfocus.com/bid/97392","http://www.securitytracker.com/id/1038180","https://access.redhat.com/errata/RHSA-2017:0872","https://access.redhat.com/errata/RHSA-2017:0873","https://bugzilla.redhat.com/show_bug.cgi?id=1388988","http://rhn.redhat.com/errata/RHSA-2017-0876.html","http://www.securityfocus.com/bid/97392","http://www.securitytracker.com/id/1038180","https://access.redhat.com/errata/RHSA-2017:0872","https://access.redhat.com/errata/RHSA-2017:0873","https://bugzilla.redhat.com/show_bug.cgi?id=1388988"],"published_time":"2018-03-12T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9600","summary":"JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. 
A specially crafted file could cause an application using JasPer to crash.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00295,"ranking_epss":0.52784,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=1410026","https://usn.ubuntu.com/3693-1/","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=1410026","https://usn.ubuntu.com/3693-1/"],"published_time":"2018-03-12T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2585","summary":"Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00671,"ranking_epss":0.71317,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0876.html","http://www.securityfocus.com/bid/97393","http://www.securitytracker.com/id/1038180","https://access.redhat.com/errata/RHSA-2017:0872","https://access.redhat.com/errata/RHSA-2017:0873","https://bugzilla.redhat.com/show_bug.cgi?id=1412376","http://rhn.redhat.com/errata/RHSA-2017-0876.html","http://www.securityfocus.com/bid/97393","http://www.securitytracker.com/id/1038180","https://access.redhat.com/errata/RHSA-2017:0872","https://access.redhat.com/errata/RHSA-2017:0873","https://bugzilla.redhat.com/show_bug.cgi?id=1412376"],"published_time":"2018-03-12T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-2628","summary":"curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. 
This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.00831,"ranking_epss":0.74516,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://rhn.redhat.com/errata/RHSA-2017-0847.html","http://www.securityfocus.com/bid/97187","https://bugzilla.redhat.com/show_bug.cgi?id=1422464","http://rhn.redhat.com/errata/RHSA-2017-0847.html","http://www.securityfocus.com/bid/97187","https://bugzilla.redhat.com/show_bug.cgi?id=1422464"],"published_time":"2018-03-12T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8129","summary":"LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.","cvss":8.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.8,"epss":0.01462,"ranking_epss":0.80818,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugzilla.maptools.org/show_bug.cgi?id=2487","http://bugzilla.maptools.org/show_bug.cgi?id=2488","http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://rhn.redhat.com/errata/RHSA-2016-1546.html","http://rhn.redhat.com/errata/RHSA-2016-1547.html","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt","http://www.securityfocus.com/bid/72352","http://www.securitytracker.com/id/1032760","https://bugzilla.redhat.com/show_bug.cgi?id=1185815","https://security.gentoo.org/glsa/201701-16","https://www.debian.org/security/2015/dsa-3273","http://bugzilla.maptools.org/show_bug.cgi?id=2487","
http://bugzilla.maptools.org/show_bug.cgi?id=2488","http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://rhn.redhat.com/errata/RHSA-2016-1546.html","http://rhn.redhat.com/errata/RHSA-2016-1547.html","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt","http://www.securityfocus.com/bid/72352","http://www.securitytracker.com/id/1032760","https://bugzilla.redhat.com/show_bug.cgi?id=1185815","https://security.gentoo.org/glsa/201701-16","https://www.debian.org/security/2015/dsa-3273"],"published_time":"2018-03-12T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2014-8130","summary":"The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by 
tiffdither.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.02075,"ranking_epss":0.83917,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugzilla.maptools.org/show_bug.cgi?id=2483","http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://rhn.redhat.com/errata/RHSA-2016-1546.html","http://rhn.redhat.com/errata/RHSA-2016-1547.html","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt","http://www.securityfocus.com/bid/72353","http://www.securitytracker.com/id/1032760","https://bugzilla.redhat.com/show_bug.cgi?id=1185817","https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543","https://security.gentoo.org/glsa/201701-16","http://bugzilla.maptools.org/show_bug.cgi?id=2483","http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html","http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html","http://openwall.com/lists/oss-security/2015/01/24/15","http://rhn.redhat.com/errata/RHSA-2016-1546.html","http://rhn.redhat.com/errata/RHSA-2016-1547.html","http://support.apple.com/kb/HT204941","http://support.apple.com/kb/HT204942","http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt","http://www.securityfocus.com/bid/72353","http://www.securitytracker.com/id/1032760","https://bugzilla.redhat.com/show_bug.cgi?id=1185817","https://github.com/vadz/libtiff/commit/3c5eb8b1be544e41d2c336191bc4936300ad7543","https://security.gentoo.org/glsa/201701-16"],"published_time":"2018-03-12T02:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-9591","summary":"JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a 
crash on the application using JasPer.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00479,"ranking_epss":0.64974,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/94952","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=1406405","https://security.gentoo.org/glsa/201707-07","https://www.debian.org/security/2017/dsa-3827","http://www.securityfocus.com/bid/94952","https://access.redhat.com/errata/RHSA-2017:1208","https://bugzilla.redhat.com/show_bug.cgi?id=1406405","https://security.gentoo.org/glsa/201707-07","https://www.debian.org/security/2017/dsa-3827"],"published_time":"2018-03-09T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1071","summary":"zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00039,"ranking_epss":0.11813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103359","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1553531","https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://usn.ubuntu.com/3608-1/","http://www.securityfocus.com/bid/103359","https://access.redhat.com/errata/RHSA-2018:3073","https://bugzilla.redhat.com/show_bug.cgi?id=1553531","https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html","https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html","https://security.gentoo.org/glsa/201805-10","https://usn.ubuntu.com/3608-1/"],"published_time":"2018-03-09T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1054","summary":"
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.14722,"ranking_epss":0.94469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103228","https://access.redhat.com/errata/RHSA-2018:0414","https://access.redhat.com/errata/RHSA-2018:0515","https://bugzilla.redhat.com/show_bug.cgi?id=1537314","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/issue/49545","http://www.securityfocus.com/bid/103228","https://access.redhat.com/errata/RHSA-2018:0414","https://access.redhat.com/errata/RHSA-2018:0515","https://bugzilla.redhat.com/show_bug.cgi?id=1537314","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/issue/49545"],"published_time":"2018-03-07T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7740","summary":"The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system 
call.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":5.5,"epss":0.0009,"ranking_epss":0.25563,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103316","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199037","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3910-1/","https://usn.ubuntu.com/3910-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188","http://www.securityfocus.com/bid/103316","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://bugzilla.kernel.org/show_bug.cgi?id=199037","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3910-1/","https://usn.ubuntu.com/3910-2/","https://www.debian.org/security/2018/dsa-4187","https://www.debian.org/security/2018/dsa-4188"],"published_time":"2018-03-07T08:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5729","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database 
module.","cvss":4.7,"cvss_version":3.0,"cvss_v2":6.5,"cvss_v3":4.7,"epss":0.00076,"ranking_epss":0.22988,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551083","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/","http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551083","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"],"published_time":"2018-03-06T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5730","summary":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database 
argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.","cvss":3.8,"cvss_version":3.0,"cvss_v2":5.5,"cvss_v3":3.8,"epss":0.00425,"ranking_epss":0.6216,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551082","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/","http://www.securitytracker.com/id/1042071","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3071","https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869","https://bugzilla.redhat.com/show_bug.cgi?id=1551082","https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1","https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html","https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"],"published_time":"2018-03-06T20:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7725","summary":"An issue was discovered in ZZIPlib 0.13.68. 
An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00498,"ranking_epss":0.6585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/39","https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html","https://usn.ubuntu.com/3699-1/","https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/39","https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html","https://usn.ubuntu.com/3699-1/"],"published_time":"2018-03-06T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7726","summary":"An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00498,"ranking_epss":0.6585,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/41","https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html","https://usn.ubuntu.com/3699-1/","https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/41","https://lists.debian.org/debian-lts-announce/2020/06/msg00029.html","https://usn.ubuntu.com/3699-1/"],"published_time":"2018-03-06T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7727","summary":"An issue was discovered in ZZIPlib 0.13.68. 
There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.00133,"ranking_epss":0.33007,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/40","https://access.redhat.com/errata/RHSA-2018:3229","https://github.com/gdraheim/zziplib/issues/40"],"published_time":"2018-03-06T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7642","summary":"The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00193,"ranking_epss":0.41199,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22887","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=116acb2c268c89c89186673a7c92620d21825b25","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22887","https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=116acb2c268c89c8
9186673a7c92620d21825b25"],"published_time":"2018-03-02T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7643","summary":"The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00173,"ranking_epss":0.38761,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/103264","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22905","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/103264","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22905"],"published_time":"2018-03-02T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15134","summary":"A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. 
A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.05689,"ranking_epss":0.90371,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","http://www.securityfocus.com/bid/102790","https://access.redhat.com/errata/RHSA-2018:0163","https://bugzilla.redhat.com/show_bug.cgi?id=1531573","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/c/6aa2acdc3cad9","http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","http://www.securityfocus.com/bid/102790","https://access.redhat.com/errata/RHSA-2018:0163","https://bugzilla.redhat.com/show_bug.cgi?id=1531573","https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html","https://pagure.io/389-ds-base/c/6aa2acdc3cad9"],"published_time":"2018-03-01T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7550","summary":"The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory 
access.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.00084,"ranking_epss":0.24595,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/103181","https://access.redhat.com/errata/RHSA-2018:1369","https://access.redhat.com/errata/RHSA-2018:2462","https://bugzilla.redhat.com/show_bug.cgi?id=1549798","https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53","https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html","https://usn.ubuntu.com/3649-1/","https://www.debian.org/security/2018/dsa-4213","http://www.securityfocus.com/bid/103181","https://access.redhat.com/errata/RHSA-2018:1369","https://access.redhat.com/errata/RHSA-2018:2462","https://bugzilla.redhat.com/show_bug.cgi?id=1549798","https://github.com/orangecertcc/security-research/security/advisories/GHSA-f49v-45qp-cv53","https://lists.debian.org/debian-lts-announce/2018/04/msg00015.html","https://lists.debian.org/debian-lts-announce/2018/04/msg00016.html","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg06890.html","https://usn.ubuntu.com/3649-1/","https://www.debian.org/security/2018/dsa-4213"],"published_time":"2018-03-01T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7568","summary":"The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by 
nm.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00172,"ranking_epss":0.38513,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22894","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22894"],"published_time":"2018-02-28T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7569","summary":"dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by 
nm.","cvss":5.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.5,"epss":0.00147,"ranking_epss":0.35224,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22895","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22895"],"published_time":"2018-02-28T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7549","summary":"In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.00324,"ranking_epss":0.55417,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:3073","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd","https://usn.ubuntu.com/3593-1/","https://access.redhat.com/errata/RHSA-2018:3073","https://security.gentoo.org/glsa/201805-10","https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd","https://usn.ubuntu.com/3593-1/"],"published_time":"2018-02-27T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6764","summary":"util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container 
protection mechanism and execute arbitrary commands via a crafted NSS module.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00036,"ranking_epss":0.10813,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.ubuntu.com/usn/USN-3576-1","https://access.redhat.com/errata/RHSA-2018:3113","https://www.debian.org/security/2018/dsa-4137","https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html","http://www.ubuntu.com/usn/USN-3576-1","https://access.redhat.com/errata/RHSA-2018:3113","https://www.debian.org/security/2018/dsa-4137","https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html"],"published_time":"2018-02-23T17:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7225","summary":"An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC 
packets.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.04263,"ranking_epss":0.88785,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/02/18/1","http://www.securityfocus.com/bid/103107","https://access.redhat.com/errata/RHSA-2018:1055","https://github.com/LibVNC/libvncserver/issues/218","https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html","https://security.gentoo.org/glsa/201908-05","https://usn.ubuntu.com/3618-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4573-1/","https://usn.ubuntu.com/4587-1/","https://www.debian.org/security/2018/dsa-4221","http://www.openwall.com/lists/oss-security/2018/02/18/1","http://www.securityfocus.com/bid/103107","https://access.redhat.com/errata/RHSA-2018:1055","https://github.com/LibVNC/libvncserver/issues/218","https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html","https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html","https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html","https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html","https://security.gentoo.org/glsa/201908-05","https://usn.ubuntu.com/3618-1/","https://usn.ubuntu.com/4547-1/","https://usn.ubuntu.com/4573-1/","https://usn.ubuntu.com/4587-1/","https://www.debian.org/security/2018/dsa-4221"],"published_time":"2018-02-19T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5379","summary":"The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. 
A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.","cvss":7.5,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.5,"epss":0.07029,"ranking_epss":0.91447,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://savannah.nongnu.org/forum/forum.php?forum_id=9095","http://www.kb.cert.org/vuls/id/940439","http://www.securityfocus.com/bid/103105","https://access.redhat.com/errata/RHSA-2018:0377","https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf","https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt","https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html","https://security.gentoo.org/glsa/201804-17","https://usn.ubuntu.com/3573-1/","https://www.debian.org/security/2018/dsa-4115","http://savannah.nongnu.org/forum/forum.php?forum_id=9095","http://www.kb.cert.org/vuls/id/940439","http://www.securityfocus.com/bid/103105","https://access.redhat.com/errata/RHSA-2018:0377","https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf","https://gogs.quagga.net/Quagga/quagga/src/master/doc/security/Quagga-2018-1114.txt","https://lists.debian.org/debian-lts-announce/2018/02/msg00021.html","https://security.gentoo.org/glsa/201804-17","https://usn.ubuntu.com/3573-1/","https://www.debian.org/security/2018/dsa-4115"],"published_time":"2018-02-19T13:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-7208","summary":"In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF 
object.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00201,"ranking_epss":0.4221,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/103077","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22741","http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html","http://www.securityfocus.com/bid/103077","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3032","https://security.gentoo.org/glsa/201811-17","https://sourceware.org/bugzilla/show_bug.cgi?id=22741"],"published_time":"2018-02-18T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1049","summary":"In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. 
A race condition like this may lead to denial of service, until mount points are unmounted.","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00512,"ranking_epss":0.66446,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1041520","https://access.redhat.com/errata/RHSA-2018:0260","https://bugzilla.redhat.com/show_bug.cgi?id=1534701","https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html","https://usn.ubuntu.com/3558-1/","http://www.securitytracker.com/id/1041520","https://access.redhat.com/errata/RHSA-2018:0260","https://bugzilla.redhat.com/show_bug.cgi?id=1534701","https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html","https://usn.ubuntu.com/3558-1/"],"published_time":"2018-02-16T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6927","summary":"The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue 
value.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00031,"ranking_epss":0.08739,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a","http://www.securityfocus.com/bid/103023","https://access.redhat.com/errata/RHSA-2018:0654","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4187","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a","http://www.securityfocus.com/bid/103023","https://access.redhat.com/errata/RHSA-2018:0654","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4187","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15"],"published_time":"2018-02-12T19:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000026","summary":"Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card 
driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..","cvss":7.7,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.7,"epss":0.00865,"ranking_epss":0.75081,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://lists.openwall.net/netdev/2018/01/16/40","http://lists.openwall.net/netdev/2018/01/18/96","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://patchwork.ozlabs.org/patch/859410/","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3617-3/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3620-1/","https://usn.ubuntu.com/3620-2/","https://usn.ubuntu.com/3632-1/","http://lists.openwall.net/netdev/2018/01/16/40","http://lists.openwall.net/netdev/2018/01/18/96","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html","https://patchwork.ozlabs.org/patch/859410/","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3617-3/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3620-1/","https://usn.ubuntu.com/3620-2/","https://usn.ubuntu.com/3632-1/"],"published_time":"2018-02-09T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6871","summary":"LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE 
function.","cvss":9.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.8,"epss":0.4268,"ranking_epss":0.97457,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:0418","https://access.redhat.com/errata/RHSA-2018:0517","https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a","https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure","https://usn.ubuntu.com/3579-1/","https://www.debian.org/security/2018/dsa-4111","https://www.exploit-db.com/exploits/44022/","https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/","https://access.redhat.com/errata/RHSA-2018:0418","https://access.redhat.com/errata/RHSA-2018:0517","https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a","https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure","https://usn.ubuntu.com/3579-1/","https://www.debian.org/security/2018/dsa-4111","https://www.exploit-db.com/exploits/44022/","https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/"],"published_time":"2018-02-09T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6574","summary":"Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not 
blocked.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.36789,"ranking_epss":0.97124,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:0878","https://access.redhat.com/errata/RHSA-2018:1304","https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574","https://github.com/golang/go/issues/23672","https://groups.google.com/forum/#%21topic/golang-nuts/Gbhh1NxAjMU","https://groups.google.com/forum/#%21topic/golang-nuts/sprOaQ5m3Dk","https://www.debian.org/security/2019/dsa-4380","https://access.redhat.com/errata/RHSA-2018:0878","https://access.redhat.com/errata/RHSA-2018:1304","https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574","https://github.com/golang/go/issues/23672","https://groups.google.com/forum/#%21topic/golang-nuts/Gbhh1NxAjMU","https://groups.google.com/forum/#%21topic/golang-nuts/sprOaQ5m3Dk","https://www.debian.org/security/2019/dsa-4380"],"published_time":"2018-02-07T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4877","summary":"A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. 
A successful attack can lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.05038,"ranking_epss":0.89723,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102930","https://access.redhat.com/errata/RHSA-2018:0285","https://helpx.adobe.com/security/products/flash-player/apsb18-03.html","http://www.securityfocus.com/bid/102930","https://access.redhat.com/errata/RHSA-2018:0285","https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"],"published_time":"2018-02-06T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4878","summary":"A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.8,"epss":0.93446,"ranking_epss":0.99818,"kev":true,"propose_action":"Adobe Flash Player contains a use-after-free vulnerability that could allow for code 
execution.","ransomware_campaign":"Known","references":["http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html","http://www.securityfocus.com/bid/102893","http://www.securitytracker.com/id/1040318","https://access.redhat.com/errata/RHSA-2018:0285","https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign","https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day","https://github.com/vysec/CVE-2018-4878","https://helpx.adobe.com/security/products/flash-player/apsb18-03.html","https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/","https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/","https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139","https://www.exploit-db.com/exploits/44412/","https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html","https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets","http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html","http://www.securityfocus.com/bid/102893","http://www.securitytracker.com/id/1040318","https://access.redhat.com/errata/RHSA-2018:0285","https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign","https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day","https://github.com/vysec/CVE-2018-4878","https://helpx.adobe.com/security/products/flash-player/apsb18-03.html","https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/","https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/","https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-
malicious-word-files/d/d-id/1331139","https://www.exploit-db.com/exploits/44412/","https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html","https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets","https://github.com/cisagov/vulnrichment/issues/196","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4878"],"published_time":"2018-02-06T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-7525","summary":"A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.79267,"ranking_epss":0.99063,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/99623","http://www.securitytracker.com/id/1039744","http://www.securitytracker.com/id/1039947","http://www.securitytracker.com/id/1040360","https://access.redhat.com/errata/RHSA-2017:1834","https://access.redhat.com/errata/RHSA-2017:1835","https://access.redhat.com/errata/RHSA-2017:1836","https://access.redhat.com/errata/RHSA-2017:1837","https://access.redhat.com/errata/RHSA-2017:1839","https://access.redhat.com/errata/RHSA-2017:1840","https://access.redhat.com/errata/RHSA-2017:2477","https://access.redhat.com/errata/RHSA-2017:2546","https://access.redhat.com/errata/RHSA-2017:2547","https://access.redhat.com/errata/RHSA-2017:2633","https://access.redhat.com
/errata/RHSA-2017:2635","https://access.redhat.com/errata/RHSA-2017:2636","https://access.redhat.com/errata/RHSA-2017:2637","https://access.redhat.com/errata/RHSA-2017:2638","https://access.redhat.com/errata/RHSA-2017:3141","https://access.redhat.com/errata/RHSA-2017:3454","https://access.redhat.com/errata/RHSA-2017:3455","https://access.redhat.com/errata/RHSA-2017:3456","https://access.redhat.com/errata/RHSA-2017:3458","https://access.redhat.com/errata/RHSA-2018:0294","https://access.redhat.com/errata/RHSA-2018:0342","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2019:0910","https://access.redhat.com/errata/RHSA-2019:2858","https://access.redhat.com/errata/RHSA-2019:3149","https://bugzilla.redhat.com/show_bug.cgi?id=1462702","https://cwiki.apache.org/confluence/display/WW/S2-055","https://github.com/FasterXML/jackson-databind/issues/1599","https://github.com/FasterXML/jackson-databind/issues/1723","https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2
a6%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html","https://security.netapp.com/advisory/ntap-20171214-0002/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","https://www.debian.org/security/2017/dsa-4004","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/99623","http://www.securitytracker.com/id/1039744","http://www.securitytracker.com/id/1039947","http://www.securitytracker.com/id/1040360","https://access.redhat.com/errata/RHSA-2017:1834","https://access.redhat.com/errata/RHSA-2017:1835","https://access.redhat.com/errata/RH
SA-2017:1836","https://access.redhat.com/errata/RHSA-2017:1837","https://access.redhat.com/errata/RHSA-2017:1839","https://access.redhat.com/errata/RHSA-2017:1840","https://access.redhat.com/errata/RHSA-2017:2477","https://access.redhat.com/errata/RHSA-2017:2546","https://access.redhat.com/errata/RHSA-2017:2547","https://access.redhat.com/errata/RHSA-2017:2633","https://access.redhat.com/errata/RHSA-2017:2635","https://access.redhat.com/errata/RHSA-2017:2636","https://access.redhat.com/errata/RHSA-2017:2637","https://access.redhat.com/errata/RHSA-2017:2638","https://access.redhat.com/errata/RHSA-2017:3141","https://access.redhat.com/errata/RHSA-2017:3454","https://access.redhat.com/errata/RHSA-2017:3455","https://access.redhat.com/errata/RHSA-2017:3456","https://access.redhat.com/errata/RHSA-2017:3458","https://access.redhat.com/errata/RHSA-2018:0294","https://access.redhat.com/errata/RHSA-2018:0342","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2019:0910","https://access.redhat.com/errata/RHSA-2019:2858","https://access.redhat.com/errata/RHSA-2019:3149","https://bugzilla.redhat.com/show_bug.cgi?id=1462702","https://cwiki.apache.org/confluence/display/WW/S2-055","https://github.com/FasterXML/jackson-databind/issues/1599","https://github.com/FasterXML/jackson-databind/issues/1723","https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f
4fd5583d5fe%40%3Ccommits.druid.apache.org%3E","https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E","https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E","https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E","https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E","https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html","https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html","https://security.netapp.com/advisory/ntap-20171214-0002/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","https://www.debian.org/security/2017/dsa-4004","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"],"published_time":"2018-02-06T15:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6560","summary":"In dbus-proxy/flatpak-proxy.c 
in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.","cvss":8.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":8.8,"epss":0.00094,"ranking_epss":0.26299,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:2766","https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6","https://github.com/flatpak/flatpak/releases/tag/0.10.3","https://github.com/flatpak/flatpak/releases/tag/0.8.9","https://access.redhat.com/errata/RHSA-2018:2766","https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6","https://github.com/flatpak/flatpak/releases/tag/0.10.3","https://github.com/flatpak/flatpak/releases/tag/0.8.9"],"published_time":"2018-02-02T14:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-6485","summary":"An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap 
corruption.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.01095,"ranking_epss":0.77958,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://bugs.debian.org/878159","http://www.securityfocus.com/bid/102912","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://security.netapp.com/advisory/ntap-20190404-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=22343","https://usn.ubuntu.com/4218-1/","https://usn.ubuntu.com/4416-1/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","http://bugs.debian.org/878159","http://www.securityfocus.com/bid/102912","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://security.netapp.com/advisory/ntap-20190404-0003/","https://sourceware.org/bugzilla/show_bug.cgi?id=22343","https://usn.ubuntu.com/4218-1/","https://usn.ubuntu.com/4416-1/","https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"],"published_time":"2018-02-01T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000001","summary":"In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code 
execution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":7.2,"cvss_v3":7.8,"epss":0.44049,"ranking_epss":0.97526,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/oss-sec/2018/q1/38","http://www.securityfocus.com/bid/102525","http://www.securitytracker.com/id/1040162","https://access.redhat.com/errata/RHSA-2018:0805","https://security.netapp.com/advisory/ntap-20190404-0003/","https://usn.ubuntu.com/3534-1/","https://usn.ubuntu.com/3536-1/","https://www.exploit-db.com/exploits/43775/","https://www.exploit-db.com/exploits/44889/","https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/","http://seclists.org/oss-sec/2018/q1/38","http://www.securityfocus.com/bid/102525","http://www.securitytracker.com/id/1040162","https://access.redhat.com/errata/RHSA-2018:0805","https://security.netapp.com/advisory/ntap-20190404-0003/","https://usn.ubuntu.com/3534-1/","https://usn.ubuntu.com/3536-1/","https://www.exploit-db.com/exploits/43775/","https://www.exploit-db.com/exploits/44889/","https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/"],"published_time":"2018-01-31T14:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5750","summary":"The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk 
call.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00037,"ranking_epss":0.11158,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securitytracker.com/id/1040319","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2018:2948","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://patchwork.kernel.org/patch/10174835/","https://usn.ubuntu.com/3631-1/","https://usn.ubuntu.com/3631-2/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4120","https://www.debian.org/security/2018/dsa-4187","http://www.securitytracker.com/id/1040319","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2018:2948","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://patchwork.kernel.org/patch/10174835/","https://usn.ubuntu.com/3631-1/","https://usn.ubuntu.com/3631-2/","https://usn.ubuntu.com/3697-1/","https://usn.ubuntu.com/3697-2/","https://usn.ubuntu.com/3698-1/","https://usn.ubuntu.com/3698-2/","https://www.debian.org/security/2018/dsa-4120","https://www.debian.org/security/2018/dsa-4187"],"published_time":"2018-01-26T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5748","summary":"qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU 
reply.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01494,"ranking_epss":0.81035,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102825","https://access.redhat.com/errata/RHSA-2018:1396","https://access.redhat.com/errata/RHSA-2018:1929","https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html","https://www.debian.org/security/2018/dsa-4137","https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html","http://www.securityfocus.com/bid/102825","https://access.redhat.com/errata/RHSA-2018:1396","https://access.redhat.com/errata/RHSA-2018:1929","https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html","https://www.debian.org/security/2018/dsa-4137","https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html"],"published_time":"2018-01-25T16:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1047","summary":"A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local 
files.","cvss":5.5,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":5.5,"epss":0.00176,"ranking_epss":0.39122,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:1247","https://access.redhat.com/errata/RHSA-2018:1248","https://access.redhat.com/errata/RHSA-2018:1249","https://access.redhat.com/errata/RHSA-2018:1251","https://access.redhat.com/errata/RHSA-2018:2938","https://bugzilla.redhat.com/show_bug.cgi?id=1528361","https://issues.jboss.org/browse/WFLY-9620","https://access.redhat.com/errata/RHSA-2018:1247","https://access.redhat.com/errata/RHSA-2018:1248","https://access.redhat.com/errata/RHSA-2018:1249","https://access.redhat.com/errata/RHSA-2018:1251","https://access.redhat.com/errata/RHSA-2018:2938","https://bugzilla.redhat.com/show_bug.cgi?id=1528361","https://issues.jboss.org/browse/WFLY-9620"],"published_time":"2018-01-24T23:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-1000007","summary":"libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. 
Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.","cvss":9.8,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":9.8,"epss":0.03344,"ranking_epss":0.87276,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2022/04/27/4","http://www.securitytracker.com/id/1040274","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-b3bf.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html","https://usn.ubuntu.com/3554-1/","https://usn.ubuntu.com/3554-2/","https://www.debian.org/security/2018/dsa-4098","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://www.openwall.com/lists/oss-security/2022/04/27/4","http://www.securitytracker.com/id/1040274","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3157","https://access.redhat.com/errata/RHSA-2018:3558","https://access.redhat.com/errata/RHSA-2019:1543","https://access.redhat.com/errata/RHSA-2020:0544","https://access.redhat.com/errata/RHSA-2020:0594","https://curl.haxx.se/docs/adv_2018-b3bf.html","https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html","https://usn.ubuntu.com/3554-1/","https://usn.ubuntu.com/3554-2/","https://www.debian.org/security/2018/dsa-4098","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2018-01-24T22:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5683","summary":
"The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.","cvss":6.0,"cvss_version":3.0,"cvss_v2":2.1,"cvss_v3":6.0,"epss":0.00027,"ranking_epss":0.07697,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2018/01/15/2","http://www.securityfocus.com/bid/102518","https://access.redhat.com/errata/RHSA-2018:0816","https://access.redhat.com/errata/RHSA-2018:1104","https://access.redhat.com/errata/RHSA-2018:2162","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html","https://usn.ubuntu.com/3575-1/","https://www.debian.org/security/2018/dsa-4213","http://www.openwall.com/lists/oss-security/2018/01/15/2","http://www.securityfocus.com/bid/102518","https://access.redhat.com/errata/RHSA-2018:0816","https://access.redhat.com/errata/RHSA-2018:1104","https://access.redhat.com/errata/RHSA-2018:2162","https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html","https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html","https://usn.ubuntu.com/3575-1/","https://www.debian.org/security/2018/dsa-4213"],"published_time":"2018-01-23T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5950","summary":"Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options 
URL.","cvss":6.1,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.1,"epss":0.02228,"ranking_epss":0.84469,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html","http://www.securityfocus.com/bid/104594","https://access.redhat.com/errata/RHSA-2018:0504","https://access.redhat.com/errata/RHSA-2018:0505","https://bugs.launchpad.net/mailman/+bug/1747209","https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html","https://usn.ubuntu.com/3563-1/","https://www.debian.org/security/2018/dsa-4108","https://www.mail-archive.com/mailman-users%40python.org/msg70375.html","http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html","http://www.securityfocus.com/bid/104594","https://access.redhat.com/errata/RHSA-2018:0504","https://access.redhat.com/errata/RHSA-2018:0505","https://bugs.launchpad.net/mailman/+bug/1747209","https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html","https://usn.ubuntu.com/3563-1/","https://www.debian.org/security/2018/dsa-4108","https://www.mail-archive.com/mailman-users%40python.org/msg70375.html"],"published_time":"2018-01-23T16:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5968","summary":"FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. 
This is exploitable via two different gadgets that bypass a blacklist.","cvss":8.1,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.1,"epss":0.01965,"ranking_epss":0.83473,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:0478","https://access.redhat.com/errata/RHSA-2018:0479","https://access.redhat.com/errata/RHSA-2018:0480","https://access.redhat.com/errata/RHSA-2018:0481","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2019:2858","https://access.redhat.com/errata/RHSA-2019:3149","https://github.com/FasterXML/jackson-databind/issues/1899","https://security.netapp.com/advisory/ntap-20180423-0002/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","https://www.debian.org/security/2018/dsa-4114","https://www.oracle.com/security-alerts/cpuoct2020.html","https://access.redhat.com/errata/RHSA-2018:0478","https://access.redhat.com/errata/RHSA-2018:0479","https://access.redhat.com/errata/RHSA-2018:0480","https://access.redhat.com/errata/RHSA-2018:0481","https://access.redhat.com/errata/RHSA-2018:1525","https://access.redhat.com/errata/RHSA-2019:2858","https://access.redhat.com/errata/RHSA-2019:3149","https://github.com/FasterXML/jackson-databind/issues/1899","https://security.netapp.com/advisory/ntap-20180423-0002/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","https://www.debian.org/security/2018/dsa-4114","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2018-01-22T04:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2016-6814","summary":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. 
to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.25712,"ranking_epss":0.96218,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E","http://rhn.redhat.com/errata/RHSA-2017-0272.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/bid/95429","http://www.securitytracker.com/id/1039600","https://access.redhat.com/errata/RHSA-2017:0868","https://access.redhat.com/errata/RHSA-2017:2486","https://access.redhat.com/errata/RHSA-2017:2596","https://security.gentoo.org/glsa/202003-01","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E","http://rhn.redhat.com/errata/RHSA-2017-0272.html","http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","http://www.securityfocus.com/b
id/95429","http://www.securitytracker.com/id/1039600","https://access.redhat.com/errata/RHSA-2017:0868","https://access.redhat.com/errata/RHSA-2017:2486","https://access.redhat.com/errata/RHSA-2017:2596","https://security.gentoo.org/glsa/202003-01","https://www.oracle.com/security-alerts/cpujan2020.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"],"published_time":"2018-01-18T18:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2663","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00069,"ranking_epss":0.2134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102662","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102662","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-
2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2665","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"epss":0.00441,"ranking_epss":0.63225,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102681","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102681","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-01-18T02:29:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2668","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). 
Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"epss":0.00355,"ranking_epss":0.57803,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102682","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102682","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https
://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-01-18T02:29:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2677","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00069,"ranking_epss":0.2134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102656","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102656","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-
2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2678","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":4.3,"epss":0.00069,"ranking_epss":0.2134,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102659","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102659","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-
2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:22","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2657","summary":"Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.01289,"ranking_epss":0.7962,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102629","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102629","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"],"published_time":"2018-01-18T02:29:21","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2622","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). 
Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"epss":0.00398,"ranking_epss":0.60552,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102706","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102706","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https
://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2629","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).","cvss":5.3,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":5.3,"epss":0.00219,"ranking_epss":0.44522,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102615","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102615","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-000
1/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2633","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"epss":0.00693,"ranking_epss":0.71829,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102557","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102557","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA
-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2634","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).","cvss":6.8,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.8,"epss":0.00133,"ranking_epss":0.32986,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102592","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102592","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA
-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2637","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).","cvss":7.4,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":7.4,"epss":0.00192,"ranking_epss":0.4113,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102576","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102576","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-
2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2638","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":5.1,"cvss_v3":8.3,"epss":0.00748,"ranking_epss":0.73056,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102546","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:1463","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102546","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:1463","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2639","summary":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).","cvss":8.3,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":8.3,"epss":0.00596,"ranking_epss":0.69285,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102556","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:1463","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102556","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:1463","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2640","summary":"Vulnerability in the MySQL Server component of Oracle MySQL 
(subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).","cvss":6.5,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":6.5,"epss":0.00464,"ranking_epss":0.64297,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102678","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102678","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0586","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-ann
ounce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2641","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).","cvss":6.1,"cvss_version":3.0,"cvss_v2":2.6,"cvss_v3":6.1,"epss":0.00169,"ranking_epss":0.38161,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102605","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102605","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA
-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:20","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2599","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).","cvss":4.8,"cvss_version":3.0,"cvss_v2":5.8,"cvss_v3":4.8,"epss":0.00078,"ranking_epss":0.23377,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102633","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166","http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102633","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA
-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2602","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).","cvss":4.5,"cvss_version":3.0,"cvss_v2":3.7,"cvss_v3":4.5,"epss":0.00065,"ranking_epss":0.20302,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102642","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2603","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","cvss":5.3,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":5.3,"epss":0.00101,"ranking_epss":0.27942,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102625","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2618","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).","cvss":5.9,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":5.9,"epss":0.00134,"ranking_epss":0.33111,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102612","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:19","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2579","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).","cvss":3.7,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":3.7,"epss":0.00109,"ranking_epss":0.29254,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102663","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2582","summary":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0022,"ranking_epss":0.44677,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102597","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://www.debian.org/security/2018/dsa-4144"],"published_time":"2018-01-18T02:29:18
","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2588","summary":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).","cvss":4.3,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":4.3,"epss":0.00346,"ranking_epss":0.57157,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102661","http://www.securitytracker.com/id/1040203","https://access.redhat.com/errata/RHSA-2018:0095","https://access.redhat.com/errata/RHSA-2018:0099","https://access.redhat.com/errata/RHSA-2018:0100","https://access.redhat.com/errata/RHSA-2018:0115","https://access.redhat.com/errata/RHSA-2018:0349","https://access.redhat.com/errata/RHSA-2018:0351","https://access.redhat.com/errata/RHSA-2018:0352","https://access.redhat.com/errata/RHSA-2018:0458","https://access.redhat.com/errata/RHSA-2018:0521","https://access.redhat.com/errata/RHSA-2018:1463","https://access.redhat.com/errata/RHSA-2018:1812","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html","https://security.netapp.com/advisory/ntap-20180117-0001/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us","https://usn.ubuntu.com/3613-1/","https://usn.ubuntu.com/3614-1/","https://www.debian.org/security/2018/dsa-4144","https://www.debian.org/security/2018/dsa-4166"],"published_time":"2018-01-18T02:29:18","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-2562","summary":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).","cvss":7.1,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":7.1,"epss":0.00784,"ranking_epss":0.7372,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","http://www.securityfocus.com/bid/102713","http://www.securitytracker.com/id/1040216","https://access.redhat.com/errata/RHSA-2018:0587","https://access.redhat.com/errata/RHSA-2018:2439","https://access.redhat.com/errata/RHSA-2018:2729","https://access.redhat.com/errata/RHSA-2019:1258","https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html","https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html","https://security.netapp.com/advisory/ntap-20180117-0002/","https://usn.ubuntu.com/3537-1/","https://usn.ubuntu.com/3537-2/","https://www.debian.org/security/2018/dsa-4091","https://www.debian.org/security/2018/dsa-4341"],"published_time":"2018-01-18T02:29:17","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5344","summary":"In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have 
unspecified other impact.","cvss":7.8,"cvss_version":3.0,"cvss_v2":4.6,"cvss_v3":7.8,"epss":0.00064,"ranking_epss":0.20193,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5","http://www.securityfocus.com/bid/102503","https://access.redhat.com/errata/RHSA-2018:2948","https://access.redhat.com/errata/RHSA-2018:3083","https://access.redhat.com/errata/RHSA-2018:3096","https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5","https://usn.ubuntu.com/3583-1/","https://usn.ubuntu.com/3583-2/","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3617-3/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3632-1/"],"published_time":"2018-01-12T09:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-5345","summary":"A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab 
file.","cvss":7.8,"cvss_version":3.0,"cvss_v2":6.8,"cvss_v3":7.8,"epss":0.00862,"ranking_epss":0.75025,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://access.redhat.com/errata/RHSA-2018:0350","https://bugzilla.redhat.com/show_bug.cgi?id=1527296","https://usn.ubuntu.com/3546-1/","https://www.debian.org/security/2018/dsa-4095"],"published_time":"2018-01-12T00:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-17485","summary":"FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the 
classpath.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.79787,"ranking_epss":0.9909,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/archive/1/541652/100/0/threaded","https://access.redhat.com/errata/RHSA-2018:0116","https://access.redhat.com/errata/RHSA-2018:0342","https://access.redhat.com/errata/RHSA-2018:0478","https://access.redhat.com/errata/RHSA-2018:0479","https://access.redhat.com/errata/RHSA-2018:0480","https://access.redhat.com/errata/RHSA-2018:0481","https://access.redhat.com/errata/RHSA-2018:1447","https://access.redhat.com/errata/RHSA-2018:1448","https://access.redhat.com/errata/RHSA-2018:1449","https://access.redhat.com/errata/RHSA-2018:1450","https://access.redhat.com/errata/RHSA-2018:1451","https://access.redhat.com/errata/RHSA-2018:2930","https://access.redhat.com/errata/RHSA-2019:1782","https://access.redhat.com/errata/RHSA-2019:1797","https://access.redhat.com/errata/RHSA-2019:2858","https://access.redhat.com/errata/RHSA-2019:3149","https://access.redhat.com/errata/RHSA-2019:3892","https://github.com/FasterXML/jackson-databind/issues/1855","https://github.com/irsl/jackson-rce-via-spel/","https://security.netapp.com/advisory/ntap-20180201-0003/","https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us","https://www.debian.org/security/2018/dsa-4114","https://www.oracle.com/security-alerts/cpuoct2020.html"],"published_time":"2018-01-10T18:29:01","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2018-4871","summary":"An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. 
A successful attack can lead to sensitive data exposure.","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.0188,"ranking_epss":0.831,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102465","http://www.securitytracker.com/id/1040155","https://access.redhat.com/errata/RHSA-2018:0081","https://helpx.adobe.com/security/products/flash-player/apsb18-01.html"],"published_time":"2018-01-09T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-15129","summary":"A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.","cvss":4.7,"cvss_version":3.0,"cvss_v2":4.9,"cvss_v3":4.7,"epss":0.00078,"ranking_epss":0.23357,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0","http://seclists.org/oss-sec/2018/q1/7","http://www.securityfocus.com/bid/102485","https://access.redhat.com/errata/RHSA-2018:0654","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2019:1946","https://access.redhat.com/security/cve/CVE-2017-15129","https://bugzilla.redhat.com/show_bug.cgi?id=1531174","https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0","https://marc.info/?l=linux-netdev&m=151370451121029&w=2","https://marc.info/?t=151370468900001&r=1&w=2","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3617-3/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3632-1/","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11"],"published_time":"2018-01-09T19:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-18017","summary":"The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.3431,"ranking_epss":0.96966,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html","http://patchwork.ozlabs.org/patch/746618/","http://www.securityfocus.com/bid/102367","http://www.ubuntu.com/usn/USN-3583-1","http://www.ubuntu.com/usn/USN-3583-2","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.c
om/errata/RHSA-2018:1130","https://access.redhat.com/errata/RHSA-2018:1170","https://access.redhat.com/errata/RHSA-2018:1319","https://access.redhat.com/errata/RHSA-2018:1737","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765","https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://lkml.org/lkml/2017/4/2/13","https://support.f5.com/csp/article/K18352029","https://usn.ubuntu.com/3583-1/","https://usn.ubuntu.com/3583-2/","https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34","https://www.debian.org/security/2018/dsa-4187","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html","http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html","http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00072.html","http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00014.html","http://patchwork.ozlabs.org/patch/746618/","http://www.securityfocus.com/bid/102367","http://www.ubuntu.com/usn/USN-3583-1","http://www.ubuntu.com/usn/USN-3583-2","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/erra
ta/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2018:1130","https://access.redhat.com/errata/RHSA-2018:1170","https://access.redhat.com/errata/RHSA-2018:1319","https://access.redhat.com/errata/RHSA-2018:1737","https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1739765","https://github.com/torvalds/linux/commit/2638fd0f92d4397884fd991d8f4925cb3f081901","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html","https://lkml.org/lkml/2017/4/2/13","https://security.netapp.com/advisory/ntap-20250103-0010/","https://support.f5.com/csp/article/K18352029","https://usn.ubuntu.com/3583-1/","https://usn.ubuntu.com/3583-2/","https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34","https://www.debian.org/security/2018/dsa-4187","https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36"],"published_time":"2018-01-03T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-16997","summary":"elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the \"./\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.","cvss":7.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":7.8,"epss":0.00878,"ranking_epss":0.75282,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102228","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://bugs.debian.org/884615","https://sourceware.org/bugzilla/show_bug.cgi?id=22625","https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html","http://www.securityfocus.com/bid/102228","https://access.redhat.com/errata/RHBA-2019:0327","https://access.redhat.com/errata/RHSA-2018:3092","https://bugs.debian.org/884615","https://sourceware.org/bugzilla/show_bug.cgi?id=22625","https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html"],"published_time":"2017-12-18T01:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-17405","summary":"Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. 
The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.","cvss":8.8,"cvss_version":3.0,"cvss_v2":9.3,"cvss_v3":8.8,"epss":0.88646,"ranking_epss":0.99503,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102204","http://www.securitytracker.com/id/1042004","https://access.redhat.com/errata/RHSA-2018:0378","https://access.redhat.com/errata/RHSA-2018:0583","https://access.redhat.com/errata/RHSA-2018:0584","https://access.redhat.com/errata/RHSA-2018:0585","https://access.redhat.com/errata/RHSA-2019:2806","https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://www.debian.org/security/2018/dsa-4259","https://www.exploit-db.com/exploits/43381/","https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/","https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/","http://www.securityfocus.com/bid/102204","http://www.securitytracker.com/id/1042004","https://access.redhat.com/errata/RHSA-2018:0378","https://access.redhat.com/errata/RHSA-2018:0583","https://access.redhat.com/errata/RHSA-2018:0584","https://access.redhat.com/errata/RHSA-2018:0585","https://access.redhat.com/errata/RHSA-2019:2806","https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html","https://lists.debian.org/debian-lts-announce/2017/12/msg00025.html","https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","https://www.debian.org/security/2018/dsa-4259","https://www.exploit-db.com/exploits/43381/","https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/","https://www.ruby-lang.org/en/news/2017/12/14/ruby-2-4-3-released/"],"published_time":"2017-12-15T09:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-11305","su
mmary":"A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.","cvss":6.5,"cvss_version":3.0,"cvss_v2":4.3,"cvss_v3":6.5,"epss":0.0247,"ranking_epss":0.85215,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/102139","http://www.securitytracker.com/id/1039986","https://access.redhat.com/errata/RHSA-2018:0081","https://helpx.adobe.com/security/products/flash-player/apsb17-42.html","http://www.securityfocus.com/bid/102139","http://www.securitytracker.com/id/1039986","https://access.redhat.com/errata/RHSA-2018:0081","https://helpx.adobe.com/security/products/flash-player/apsb17-42.html"],"published_time":"2017-12-13T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-1000407","summary":"Linux kernel versions 2.6.32 and later are affected by a denial of service: flooding the diagnostic port 0x80 can trigger an exception leading to a kernel 
panic.","cvss":7.4,"cvss_version":3.0,"cvss_v2":6.1,"cvss_v3":7.4,"epss":0.00458,"ranking_epss":0.63982,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.openwall.com/lists/oss-security/2017/12/04/2","http://www.securityfocus.com/bid/102038","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/security/cve/cve-2017-1000407","https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html","https://usn.ubuntu.com/3583-1/","https://usn.ubuntu.com/3583-2/","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3632-1/","https://www.debian.org/security/2017/dsa-4073","https://www.debian.org/security/2018/dsa-4082","https://www.spinics.net/lists/kvm/msg159809.html","http://www.openwall.com/lists/oss-security/2017/12/04/2","http://www.securityfocus.com/bid/102038","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2019:1170","https://access.redhat.com/security/cve/cve-2017-1000407","https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html","https://usn.ubuntu.com/3583-1/","https://usn.ubuntu.com/3583-2/","https://usn.ubuntu.com/3617-1/","https://usn.ubuntu.com/3617-2/","https://usn.ubuntu.com/3619-1/","https://usn.ubuntu.com/3619-2/","https://usn.ubuntu.com/3632-1/","https://www.debian.org/security/2017/dsa-4073","https://www.debian.org/security/2018/dsa-4082","https://www.spinics.net/lists/kvm/msg159809.html"],"published_time":"2017-12-11T21:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3112","summary":"An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. 
This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.0968,"ranking_epss":0.929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13","http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13"],"published_time":"2017-12-09T06:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-3114","summary":"An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. 
A successful attack can lead to sensitive data exposure.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.0968,"ranking_epss":0.929,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13","http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13"],"published_time":"2017-12-09T06:29:03","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-11213","summary":"An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. 
A successful attack can lead to sensitive data exposure.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.11384,"ranking_epss":0.93535,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13","http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13"],"published_time":"2017-12-09T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-11215","summary":"An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. 
Successful exploitation could lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.05822,"ranking_epss":0.90498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13","http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13"],"published_time":"2017-12-09T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-11225","summary":"An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. 
Successful exploitation could lead to arbitrary code execution.","cvss":9.8,"cvss_version":3.0,"cvss_v2":10.0,"cvss_v3":9.8,"epss":0.05822,"ranking_epss":0.90498,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13","http://www.securityfocus.com/bid/101837","http://www.securitytracker.com/id/1039778","https://access.redhat.com/errata/RHSA-2017:3222","https://helpx.adobe.com/security/products/flash-player/apsb17-33.html","https://security.gentoo.org/glsa/201711-13"],"published_time":"2017-12-09T06:29:00","vendor":null,"product":null,"version":null},{"cve_id":"CVE-2017-1000410","summary":"The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands (ConfigRequest and ConfigResponse messages). This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow an attacker to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. 
These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 
bytes).","cvss":7.5,"cvss_version":3.0,"cvss_v2":5.0,"cvss_v3":7.5,"epss":0.01922,"ranking_epss":0.83311,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["http://seclists.org/oss-sec/2017/q4/357","http://www.securityfocus.com/bid/102101","https://access.redhat.com/errata/RHSA-2018:0654","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2018:1130","https://access.redhat.com/errata/RHSA-2018:1170","https://access.redhat.com/errata/RHSA-2018:1319","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/","https://www.debian.org/security/2017/dsa-4073","https://www.debian.org/security/2018/dsa-4082","http://seclists.org/oss-sec/2017/q4/357","http://www.securityfocus.com/bid/102101","https://access.redhat.com/errata/RHSA-2018:0654","https://access.redhat.com/errata/RHSA-2018:0676","https://access.redhat.com/errata/RHSA-2018:1062","https://access.redhat.com/errata/RHSA-2018:1130","https://access.redhat.com/errata/RHSA-2018:1170","https://access.redhat.com/errata/RHSA-2018:1319","https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","https://usn.ubuntu.com/3933-1/","https://usn.ubuntu.com/3933-2/","https://www.debian.org/security/2017/dsa-4073","https://www.debian.org/security/2018/dsa-4082"],"published_time":"2017-12-07T19:29:00","vendor":null,"product":null,"version":null}]}