Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7867 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-08-05 | N/A |
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack. | ||||
CVE-2018-7876 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-08-05 | N/A |
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. | ||||
CVE-2018-7870 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-08-05 | N/A |
An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | ||||
CVE-2018-7872 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-08-05 | N/A |
An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | ||||
CVE-2018-7752 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-08-05 | N/A |
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100. | ||||
CVE-2018-7750 | 3 Debian, Paramiko, Redhat | 18 Debian Linux, Paramiko, Ansible Engine and 15 more | 2024-08-05 | 9.8 Critical |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. | ||||
CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2024-08-05 | N/A |
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | ||||
CVE-2018-7730 | 4 Canonical, Debian, Exempi Project and 1 more | 4 Ubuntu Linux, Debian Linux, Exempi and 1 more | 2024-08-05 | N/A |
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | ||||
CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2024-08-05 | N/A |
An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | ||||
CVE-2018-7711 | 2 Debian, Simplesamlphp | 3 Debian Linux, Saml2, Simplesamlphp | 2024-08-05 | N/A |
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value. | ||||
CVE-2018-7584 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2024-08-05 | N/A |
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. | ||||
CVE-2018-7600 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-08-05 | N/A |
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | ||||
CVE-2018-7542 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | N/A |
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | ||||
CVE-2018-7556 | 2 Debian, Limesurvey | 2 Debian Linux, Limesurvey | 2024-08-05 | N/A |
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | ||||
CVE-2018-7566 | 6 Canonical, Debian, Linux and 3 more | 16 Ubuntu Linux, Debian Linux, Linux Kernel and 13 more | 2024-08-05 | N/A |
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | ||||
CVE-2018-7550 | 4 Canonical, Debian, Qemu and 1 more | 11 Ubuntu Linux, Debian Linux, Qemu and 8 more | 2024-08-05 | 8.8 High |
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | ||||
CVE-2018-7537 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-08-05 | N/A |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | ||||
CVE-2018-7554 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-08-05 | N/A |
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||||
CVE-2018-7557 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | 6.5 Medium |
The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 through 3.4.2 allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. | ||||
CVE-2018-7551 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-08-05 | N/A |
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. |