Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-08-05 | N/A |
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | ||||
CVE-2018-19115 | 3 Debian, Keepalived, Redhat | 9 Debian Linux, Keepalived, Enterprise Linux and 6 more | 2024-08-05 | N/A |
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap. | ||||
CVE-2018-19296 | 4 Debian, Fedoraproject, Phpmailer Project and 1 more | 4 Debian Linux, Fedora, Phpmailer and 1 more | 2024-08-05 | 8.8 High |
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. | ||||
CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-08-05 | N/A |
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | ||||
CVE-2018-19198 | 3 Debian, Redhat, Uriparser Project | 3 Debian Linux, Enterprise Linux, Uriparser | 2024-08-05 | N/A |
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts. | ||||
CVE-2018-19108 | 4 Canonical, Debian, Exiv2 and 1 more | 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more | 2024-08-05 | 6.5 Medium |
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | ||||
CVE-2018-19052 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Backports Sle and 2 more | 2024-08-05 | 7.5 High |
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | ||||
CVE-2018-19200 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-08-05 | N/A |
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | ||||
CVE-2018-19132 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-08-05 | N/A |
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | ||||
CVE-2018-19134 | 3 Artifex, Debian, Redhat | 8 Ghostscript, Debian Linux, Enterprise Linux and 5 more | 2024-08-05 | N/A |
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. | ||||
CVE-2018-19107 | 4 Canonical, Debian, Exiv2 and 1 more | 7 Ubuntu Linux, Debian Linux, Exiv2 and 4 more | 2024-08-05 | 6.5 Medium |
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | ||||
CVE-2018-19058 | 4 Canonical, Debian, Freedesktop and 1 more | 7 Ubuntu Linux, Debian Linux, Poppler and 4 more | 2024-08-05 | 6.5 Medium |
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. | ||||
CVE-2018-18873 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2024-08-05 | 5.5 Medium |
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | ||||
CVE-2018-18897 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-08-05 | 6.5 Medium |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | ||||
CVE-2018-18820 | 2 Debian, Xiph | 2 Debian Linux, Icecast | 2024-08-05 | N/A |
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | ||||
CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-08-05 | 7.5 High |
The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | ||||
CVE-2018-18710 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. | ||||
CVE-2018-18690 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-08-05 | N/A |
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. | ||||
CVE-2018-18718 | 2 Debian, Gnome | 2 Debian Linux, Gthumb | 2024-08-05 | N/A |
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. | ||||
CVE-2018-18607 | 3 Debian, Gnu, Netapp | 3 Debian Linux, Binutils, Data Ontap | 2024-08-05 | N/A |
An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. |