Filtered by vendor Debian
Subscribe
Total
9264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6031 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2018-6003 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS. | |||||
| CVE-2018-5968 | 4 Debian, Fasterxml, Netapp and 1 more | 10 Debian Linux, Jackson-databind, E-series Santricity Os Controller and 7 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | |||||
| CVE-2018-5953 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | |||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Mailman and 6 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | |||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5819 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources. | |||||
| CVE-2018-5818 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. | |||||
| CVE-2018-5817 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. | |||||
| CVE-2018-5814 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | |||||
| CVE-2018-5808 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code. | |||||
| CVE-2018-5803 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | |||||
| CVE-2018-5802 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2018-5801 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. | |||||
| CVE-2018-5800 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. | |||||
| CVE-2018-5786 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
| CVE-2018-5785 | 3 Canonical, Debian, Uclouvain | 3 Ubuntu Linux, Debian Linux, Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
| CVE-2018-5784 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries. | |||||
| CVE-2018-5764 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | |||||
| CVE-2018-5750 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | |||||