CVE-2019-5717
- EPSS 0.29%
- Published 08.01.2019 23:29:00
- Last modified 21.11.2024 04:45:23
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
CVE-2019-5718
- EPSS 0.29%
- Published 08.01.2019 23:29:00
- Last modified 21.11.2024 04:45:23
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
CVE-2019-5719
- EPSS 0.14%
- Published 08.01.2019 23:29:00
- Last modified 21.11.2024 04:45:23
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
CVE-2018-1320
- EPSS 0.11%
- Published 07.01.2019 17:29:00
- Last modified 21.11.2024 03:59:37
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed co...
CVE-2019-3701
- EPSS 0.05%
- Published 03.01.2019 16:29:00
- Last modified 21.11.2024 04:42:21
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can also be applied to the can_dlc field. The privileged user "root" with CAP_NET_AD...
CVE-2018-16876
- EPSS 1.01%
- Published 03.01.2019 15:29:01
- Last modified 21.11.2024 03:53:30
Ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
CVE-2018-20662
- EPSS 0.45%
- Published 03.01.2019 13:29:00
- Last modified 21.11.2024 04:01:57
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is m...
CVE-2018-19478
- EPSS 0.67%
- Published 02.01.2019 18:29:01
- Last modified 21.11.2024 03:57:59
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
CVE-2018-14718
- EPSS 9.37%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:39
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVE-2018-14719
- EPSS 2.19%
- Published 02.01.2019 18:29:00
- Last modified 21.11.2024 03:49:40
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.