Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19787 | 3 Canonical, Debian, Lxml | 3 Ubuntu Linux, Debian Linux, Lxml | 2024-08-05 | N/A |
| An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. | ||||
| CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2024-08-05 | N/A |
| An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. | ||||
| CVE-2018-19758 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-08-05 | N/A |
| There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | ||||
| CVE-2018-19662 | 3 Debian, Libsndfile Project, Redhat | 3 Debian Linux, Libsndfile, Enterprise Linux | 2024-08-05 | N/A |
| An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. | ||||
| CVE-2018-19661 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-08-05 | N/A |
| An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. | ||||
| CVE-2018-19628 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. | ||||
| CVE-2018-19622 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | ||||
| CVE-2018-19626 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. | ||||
| CVE-2018-19625 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. | ||||
| CVE-2018-19623 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. | ||||
| CVE-2018-19627 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | ||||
| CVE-2018-19624 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. | ||||
| CVE-2018-19518 | 4 Canonical, Debian, Php and 1 more | 4 Ubuntu Linux, Debian Linux, Php and 1 more | 2024-08-05 | 7.5 High |
| University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. | ||||
| CVE-2018-19535 | 4 Canonical, Debian, Exiv2 and 1 more | 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more | 2024-08-05 | 6.5 Medium |
| In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file. | ||||
| CVE-2018-19543 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-08-05 | N/A |
| An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | ||||
| CVE-2018-19361 | 4 Debian, Fasterxml, Oracle and 1 more | 22 Debian Linux, Jackson-databind, Business Process Management Suite and 19 more | 2024-08-05 | N/A |
| FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | ||||
| CVE-2018-19539 | 4 Debian, Jasper Project, Opensuse and 1 more | 5 Debian Linux, Jasper, Leap and 2 more | 2024-08-05 | N/A |
| An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service. | ||||
| CVE-2018-19541 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-08-05 | N/A |
| An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c. | ||||
| CVE-2018-19542 | 5 Canonical, Debian, Jasper Project and 2 more | 6 Ubuntu Linux, Debian Linux, Jasper and 3 more | 2024-08-05 | N/A |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service. | ||||
| CVE-2018-19492 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-08-05 | N/A |
| An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. | ||||