Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20022 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-08-05 | N/A |
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | ||||
CVE-2018-20023 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-08-05 | N/A |
LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | ||||
CVE-2018-20020 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-08-05 | N/A |
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution | ||||
CVE-2018-20019 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-08-05 | 9.8 Critical |
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | ||||
CVE-2018-20004 | 3 Debian, Fedoraproject, Mini-xml Project | 3 Debian Linux, Fedora, Mini-xml | 2024-08-05 | 8.8 High |
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | ||||
CVE-2018-19961 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | ||||
CVE-2018-19970 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-08-05 | N/A |
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | ||||
CVE-2018-19985 | 4 Debian, Linux, Netapp and 1 more | 6 Debian Linux, Linux Kernel, Active Iq Performance Analytics Services and 3 more | 2024-08-05 | N/A |
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. | ||||
CVE-2018-19935 | 2 Debian, Php | 2 Debian Linux, Php | 2024-08-05 | 7.5 High |
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | ||||
CVE-2018-19965 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. | ||||
CVE-2018-19968 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-08-05 | N/A |
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. | ||||
CVE-2018-19962 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | ||||
CVE-2018-19966 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. | ||||
CVE-2018-19967 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | ||||
CVE-2018-19824 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-08-05 | N/A |
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | ||||
CVE-2018-19873 | 4 Debian, Opensuse, Qt and 1 more | 4 Debian Linux, Leap, Qt and 1 more | 2024-08-05 | N/A |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. | ||||
CVE-2018-19870 | 4 Debian, Opensuse, Qt and 1 more | 4 Debian Linux, Leap, Qt and 1 more | 2024-08-05 | N/A |
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | ||||
CVE-2018-19857 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2024-08-05 | N/A |
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak. | ||||
CVE-2018-19841 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-05 | 5.5 Medium |
The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | ||||
CVE-2018-19789 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2024-08-05 | N/A |
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `string` in a setter method (e.g. `setName(string $name)`) of a class that's the `data_class` of a form, and when a file upload is submitted to the corresponding field instead of a normal text input, then `UploadedFile::__toString()` is called which will then return and disclose the path of the uploaded file. If combined with a local file inclusion issue in certain circumstances this could escalate it to a Remote Code Execution. |