Filtered by vendor Debian
Subscribe
Search
Total
2612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6307 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2019-10-31 | 6.8 MEDIUM | 8.1 HIGH |
| LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | |||||
| CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 11 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 8 more | 2019-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | |||||
| CVE-2018-9009 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-10-12 | 6.8 MEDIUM | 8.8 HIGH |
| In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. | |||||
| CVE-2019-6338 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-10-09 | 6.0 MEDIUM | 8.0 HIGH |
| In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details | |||||
| CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. | |||||
| CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | |||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | |||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | |||||
| CVE-2018-1087 | 4 Canonical, Debian, Linux and 1 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. | |||||
| CVE-2018-1086 | 3 Clusterlabs, Debian, Redhat | 3 Pacemaker Command Line Interface, Debian Linux, Enterprise Linux Server Eus | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege. | |||||
| CVE-2018-1089 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, 389 Directory Server, Enterprise Linux Desktop and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |||||
| CVE-2018-1053 | 4 Canonical, Debian, Postgresql and 1 more | 4 Ubuntu Linux, Debian Linux, Postgresql and 1 more | 2019-10-09 | 3.3 LOW | 7.0 HIGH |
| In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. | |||||
| CVE-2018-14648 | 3 Debian, Fedoraproject, Redhat | 3 Debian Linux, 389 Directory Server, Enterprise Linux | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | |||||
| CVE-2018-10873 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 8 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. | |||||
| CVE-2018-10859 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex | |||||
| CVE-2018-10879 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-10-09 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | |||||
| CVE-2018-10861 | 4 Ceph, Debian, Opensuse and 1 more | 9 Ceph, Debian Linux, Leap and 6 more | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected. | |||||
| CVE-2018-10902 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | |||||
| CVE-2018-10852 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Sssd, Enterprise Linux Desktop and 2 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. | |||||
| CVE-2018-10857 | 2 Debian, Git-annex Project | 2 Debian Linux, Git-annex | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. | |||||
| CVE-2018-10871 | 2 Debian, Fedoraproject | 2 Debian Linux, 389 Directory Server | 2019-10-09 | 4.0 MEDIUM | 7.2 HIGH |
| 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. | |||||
| CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | |||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | |||||
| CVE-2017-7518 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. | |||||
| CVE-2017-7558 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. | |||||
| CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | |||||
| CVE-2017-2669 | 2 Debian, Dovecot | 2 Debian Linux, Dovecot | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. | |||||
| CVE-2017-3145 | 4 Debian, Isc, Netapp and 1 more | 9 Debian Linux, Bind, Data Ontap Edge and 6 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. | |||||
| CVE-2017-3137 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2619 | 3 Debian, Redhat, Samba | 3 Debian Linux, Enterprise Linux, Samba | 2019-10-09 | 6.0 MEDIUM | 7.5 HIGH |
| Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | |||||
| CVE-2017-2624 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 1.9 LOW | 7.0 HIGH |
| It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. | |||||
| CVE-2017-15120 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service. | |||||
| CVE-2017-15119 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH |
| The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. | |||||
| CVE-2017-15132 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion. | |||||
| CVE-2017-12150 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | |||||
| CVE-2017-12151 | 4 Debian, Hp, Redhat and 1 more | 8 Debian Linux, Cifs Server, Enterprise Linux and 5 more | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | |||||
| CVE-2017-12163 | 3 Debian, Redhat, Samba | 7 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2019-10-09 | 4.8 MEDIUM | 7.1 HIGH |
| An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | |||||
| CVE-2017-0926 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login. | |||||
| CVE-2017-0901 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||||
| CVE-2017-0925 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 4.0 MEDIUM | 7.2 HIGH |
| Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password. | |||||
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | |||||
| CVE-2017-0902 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | |||||
| CVE-2016-9578 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. | |||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | |||||
| CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |||||
| CVE-2016-9577 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | |||||
| CVE-2016-8654 | 3 Debian, Jasper Project, Redhat | 7 Debian Linux, Jasper, Enterprise Linux Desktop and 4 more | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. | |||||
| CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. | |||||
| CVE-2016-7072 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible. | |||||