Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8867 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-17402 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2024-08-05 | 6.5 Medium |
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size. | ||||
CVE-2019-17349 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 5.5 Medium |
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | ||||
CVE-2019-17346 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 8.8 High |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | ||||
CVE-2019-17342 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 7.0 High |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. | ||||
CVE-2019-17343 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 6.8 Medium |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | ||||
CVE-2019-17361 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-08-05 | 9.8 Critical |
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | ||||
CVE-2019-17358 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Leap | 2024-08-05 | 8.1 High |
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. | ||||
CVE-2019-17362 | 2 Debian, Libtom | 2 Debian Linux, Libtomcrypt | 2024-08-05 | 9.1 Critical |
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | ||||
CVE-2019-17344 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 6.5 Medium |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | ||||
CVE-2019-17348 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 6.5 Medium |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. | ||||
CVE-2019-17341 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 7.8 High |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. | ||||
CVE-2019-17340 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 8.8 High |
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | ||||
CVE-2019-17345 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 6.5 Medium |
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. | ||||
CVE-2019-17347 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-08-05 | 7.8 High |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | ||||
CVE-2019-17267 | 5 Debian, Fasterxml, Netapp and 2 more | 21 Debian Linux, Jackson-databind, Active Iq Unified Manager and 18 more | 2024-08-05 | 9.8 Critical |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | ||||
CVE-2019-17133 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2024-08-05 | 9.8 Critical |
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | ||||
CVE-2019-17055 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-08-05 | 3.3 Low |
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | ||||
CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-05 | 3.3 Low |
ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | ||||
CVE-2019-17024 | 5 Canonical, Debian, Mozilla and 2 more | 13 Ubuntu Linux, Debian Linux, Firefox and 10 more | 2024-08-05 | 8.8 High |
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | ||||
CVE-2019-17017 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-08-05 | 8.8 High |
Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. |