Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-10471 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754. | ||||
CVE-2018-10323 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | ||||
CVE-2018-10242 | 2 Debian, Suricata-ids | 2 Debian Linux, Suricata | 2024-08-05 | N/A |
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. | ||||
CVE-2018-10194 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-08-05 | N/A |
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2018-10191 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-08-05 | 9.8 Critical |
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. | ||||
CVE-2018-10195 | 3 Debian, Lrzsz Project, Suse | 5 Debian Linux, Lrzsz, Linux Enterprise Debuginfo and 2 more | 2024-08-05 | 7.1 High |
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | ||||
CVE-2018-10120 | 4 Canonical, Debian, Libreoffice and 1 more | 7 Ubuntu Linux, Debian Linux, Libreoffice and 4 more | 2024-08-05 | N/A |
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | ||||
CVE-2018-10101 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | ||||
CVE-2018-10119 | 4 Canonical, Debian, Libreoffice and 1 more | 7 Ubuntu Linux, Debian Linux, Libreoffice and 4 more | 2024-08-05 | N/A |
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | ||||
CVE-2018-10001 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | N/A |
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | ||||
CVE-2018-10124 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | ||||
CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||||
CVE-2018-10102 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | ||||
CVE-2018-10100 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | ||||
CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-08-05 | 5.4 Medium |
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | ||||
CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-08-05 | 5.4 Medium |
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | ||||
CVE-2018-9989 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-08-05 | 7.5 High |
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | ||||
CVE-2018-9988 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-08-05 | 7.5 High |
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | ||||
CVE-2018-9846 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-08-05 | N/A |
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. | ||||
CVE-2018-9263 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. |