Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20184 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. | ||||
| CVE-2018-20189 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. | ||||
| CVE-2018-20199 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2024-08-05 | 5.5 Medium |
| A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the ONLY_LONG_SEQUENCE case. | ||||
| CVE-2018-20181 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution. | ||||
| CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2024-08-05 | 9.8 Critical |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | ||||
| CVE-2018-20178 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | ||||
| CVE-2018-20180 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
| rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | ||||
| CVE-2018-20185 | 3 Canonical, Debian, Graphicsmagick | 3 Ubuntu Linux, Debian Linux, Graphicsmagick | 2024-08-05 | 5.3 Medium |
| In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. | ||||
| CVE-2018-20150 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | ||||
| CVE-2018-20169 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-08-05 | 6.8 Medium |
| An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | ||||
| CVE-2018-20151 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default. | ||||
| CVE-2018-20149 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | ||||
| CVE-2018-20175 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2024-08-05 | N/A |
| rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | ||||
| CVE-2018-20152 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. | ||||
| CVE-2018-20148 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. | ||||
| CVE-2018-20147 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. | ||||
| CVE-2018-20153 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | ||||
| CVE-2018-20097 | 4 Debian, Exiv2, Fedoraproject and 1 more | 7 Debian Linux, Exiv2, Fedora and 4 more | 2024-08-05 | 6.5 Medium |
| There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | ||||
| CVE-2018-20021 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-08-05 | N/A |
| LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM | ||||
| CVE-2018-20024 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-08-05 | N/A |
| LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | ||||