Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14349 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | ||||
| CVE-2018-14346 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2024-08-05 | N/A |
| GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). | ||||
| CVE-2018-14342 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. | ||||
| CVE-2018-14353 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2024-08-05 | 9.8 Critical |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | ||||
| CVE-2018-14340 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. | ||||
| CVE-2018-14341 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | ||||
| CVE-2018-14343 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. | ||||
| CVE-2018-14337 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-08-05 | 7.5 High |
| The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | ||||
| CVE-2018-14339 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. | ||||
| CVE-2018-14040 | 3 Debian, Getbootstrap, Redhat | 6 Debian Linux, Bootstrap, Enterprise Linux and 3 more | 2024-08-05 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | ||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-08-05 | N/A |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | ||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-08-05 | N/A |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | ||||
| CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-08-05 | 7.5 High |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | ||||
| CVE-2018-13988 | 4 Canonical, Debian, Freedesktop and 1 more | 9 Ubuntu Linux, Debian Linux, Poppler and 6 more | 2024-08-05 | N/A |
| Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. | ||||
| CVE-2018-13405 | 6 Canonical, Debian, F5 and 3 more | 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more | 2024-08-05 | 7.8 High |
| The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. | ||||
| CVE-2018-13406 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | 7.8 High |
| An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | ||||
| CVE-2018-13300 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | N/A |
| In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | ||||
| CVE-2018-13302 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | N/A |
| In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-13099 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-08-05 | 5.5 Medium |
| An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. | ||||
| CVE-2018-13139 | 3 Debian, Libsndfile Project, Redhat | 3 Debian Linux, Libsndfile, Enterprise Linux | 2024-08-05 | N/A |
| A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | ||||