Filtered by vendor Debian
Subscribe
Search
Total
788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19360 | 4 Debian, Fasterxml, Oracle and 1 more | 12 Debian Linux, Jackson-databind, Business Process Management Suite and 9 more | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||||
| CVE-2018-14599 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | |||||
| CVE-2018-20181 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | |||||
| CVE-2018-6797 | 4 Canonical, Debian, Perl and 1 more | 5 Ubuntu Linux, Debian Linux, Perl and 2 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | |||||
| CVE-2018-6913 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Perl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | |||||
| CVE-2018-19115 | 3 Debian, Keepalived, Redhat | 7 Debian Linux, Keepalived, Enterprise Linux Server and 4 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | |||||
| CVE-2018-7553 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-18498 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-14357 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | |||||
| CVE-2018-0488 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | |||||
| CVE-2018-8828 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. | |||||
| CVE-2019-11006 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Leap | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | |||||
| CVE-2018-14354 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | |||||
| CVE-2019-11068 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxslt | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | |||||
| CVE-2019-11187 | 2 Debian, Gonicus | 2 Debian Linux, Gosa | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | |||||
| CVE-2018-18311 | 8 Apple, Canonical, Debian and 5 more | 18 Mac Os X, Ubuntu Linux, Debian Linux and 15 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||||
| CVE-2018-1000116 | 2 Debian, Net-snmp | 2 Debian Linux, Net-snmp | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | |||||
| CVE-2019-12046 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| LemonLDAP::NG -2.0.3 has Incorrect Access Control. | |||||
| CVE-2019-12468 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. | |||||
| CVE-2018-17462 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2020-08-24 | 6.8 MEDIUM | 9.6 CRITICAL |
| Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2018-17456 | 4 Canonical, Debian, Git-scm and 1 more | 11 Ubuntu Linux, Debian Linux, Git and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. | |||||
| CVE-2019-12594 | 2 Debian, Dosbox | 2 Debian Linux, Dosbox | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| DOSBox 0.74-2 has Incorrect Access Control. | |||||
| CVE-2019-13132 | 3 Canonical, Debian, Zeromq | 3 Ubuntu Linux, Debian Linux, Libzmq | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations. | |||||
| CVE-2019-13273 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter. | |||||
| CVE-2018-1000140 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate. | |||||
| CVE-2019-13455 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the alert acknowledgment CGI tool because of expansion in acknowledge.c. | |||||
| CVE-2018-17141 | 2 Debian, Hylafax | 3 Debian Linux, Hylafax, Hylafax\+ | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file. | |||||
| CVE-2019-13485 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c. | |||||
| CVE-2019-13486 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a stack-based buffer overflow exists in the status-log viewer component because of expansion in svcstatus.c. | |||||
| CVE-2018-16657 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. | |||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 3 Debian Linux, Cloudforms, Rubyzip | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | |||||
| CVE-2019-14809 | 2 Debian, Golang | 2 Debian Linux, Go | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com. | |||||
| CVE-2019-15846 | 2 Debian, Exim | 2 Debian Linux, Exim | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||||
| CVE-2018-15494 | 2 Debian, Dojotoolkit | 2 Debian Linux, Dojo | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | |||||
| CVE-2019-17361 | 3 Debian, Opensuse, Saltstack | 3 Debian Linux, Leap, Salt | 2020-08-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | |||||
| CVE-2019-19012 | 4 Debian, Fedoraproject, Oniguruma Project and 1 more | 4 Debian Linux, Fedora, Oniguruma and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. | |||||
| CVE-2018-11531 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | |||||
| CVE-2018-12601 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. | |||||
| CVE-2019-6256 | 2 Debian, Live555 | 2 Debian Linux, Live555 Media Server | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. | |||||
| CVE-2018-5095 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | |||||
| CVE-2010-0748 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | |||||
| CVE-2013-1910 | 2 Baseurl, Debian | 2 Yum, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | |||||
| CVE-2019-10197 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2020-08-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share. | |||||
| CVE-2007-0899 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | |||||
| CVE-2019-15941 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relaying party within the LemonLDAP configuration with weaker access control rules than the target RP, and no filtering on redirection URIs. | |||||
| CVE-2010-1205 | 10 Apple, Canonical, Debian and 7 more | 17 Iphone Os, Itunes, Mac Os X and 14 more | 2020-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | |||||
| CVE-2014-1493 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-11 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1486 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2020-08-07 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. | |||||
| CVE-2014-1477 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2020-08-07 | 6.8 MEDIUM | 9.8 CRITICAL |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2014-1532 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | |||||