Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 9127 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9265 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
CVE-2018-9264 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.
CVE-2018-9263 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.
CVE-2018-9262 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.
CVE-2018-9261 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
CVE-2018-9260 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.
CVE-2018-9259 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.
CVE-2018-9258 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources.
CVE-2018-9256 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth.
CVE-2018-9251 2 Debian, Xmlsoft 2 Debian Linux, Libxml2 2024-11-21 2.6 LOW 5.3 MEDIUM
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
CVE-2018-9240 3 Canonical, Debian, Ncmpc Project 3 Ubuntu Linux, Debian Linux, Ncmpc 2024-11-21 5.0 MEDIUM 7.5 HIGH
ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.
CVE-2018-9132 2 Debian, Libming 2 Debian Linux, Libming 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
CVE-2018-9018 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
CVE-2018-9009 2 Debian, Libming 2 Debian Linux, Libming 2024-11-21 6.8 MEDIUM 8.8 HIGH
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
CVE-2018-8976 3 Debian, Exiv2, Redhat 5 Debian Linux, Exiv2, Enterprise Linux Desktop and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
CVE-2018-8971 2 Debian, Gitlab 2 Debian Linux, Gitlab 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users.
CVE-2018-8905 4 Canonical, Debian, Libtiff and 1 more 6 Ubuntu Linux, Debian Linux, Libtiff and 3 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVE-2018-8897 8 Apple, Canonical, Citrix and 5 more 11 Mac Os X, Ubuntu Linux, Xenserver and 8 more 2024-11-21 7.2 HIGH 7.8 HIGH
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVE-2018-8828 2 Debian, Kamailio 2 Debian Linux, Kamailio 2024-11-21 7.5 HIGH 9.8 CRITICAL
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
CVE-2018-8822 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.