CVE search results

261 – 270 of 500 results

Detailed view

Sort by:

CVE-2018-9861

Medium priority

Some fixes available 2 of 8

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows...

1 affected package

ckeditor

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ckeditor	—	Not affected	Not affected	Fixed

CVE-2018-8107

Negligible priority

Vulnerable

The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

libextractor, ipe, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libextractor	Not affected	Not affected	Not affected	Not affected
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8106

Negligible priority

Vulnerable

The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8105

Negligible priority

Vulnerable

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

libextractor, ipe, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libextractor	Not affected	Not affected	Not affected	Not affected
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8104

Negligible priority

Vulnerable

The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

xpdf, libextractor, ipe, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable
libextractor	Not affected	Not affected	Not affected	Not affected
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poppler	Not affected	Not affected	Not affected	Not affected

CVE-2018-8103

Negligible priority

Vulnerable

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8102

Negligible priority

Vulnerable

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

libextractor, poppler, ipe, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8101

Negligible priority

Vulnerable

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-8100

Negligible priority

Vulnerable

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file,...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Vulnerable	Vulnerable	Not in release	Vulnerable

CVE-2018-0491

Medium priority

Some fixes available 1 of 2

A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.

1 affected package

tor

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tor	—	—	—	Fixed

Export to JSON

Results by page:

Search CVE reports