Debian

Debian Linux

9979 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 94.24%
  • Published 31.10.2018 20:29:00
  • Last modified 21.11.2024 03:43:58

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs sup...

  • EPSS 2.57%
  • Published 31.10.2018 20:29:00
  • Last modified 21.11.2024 03:49:32

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remot...

  • EPSS 2.3%
  • Published 31.10.2018 19:29:00
  • Last modified 21.11.2024 03:49:30

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could ex...

  • EPSS 1.52%
  • Published 31.10.2018 19:29:00
  • Last modified 21.11.2024 03:49:30

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of ser...

  • EPSS 2.02%
  • Published 31.10.2018 19:29:00
  • Last modified 21.11.2024 03:49:31

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on t...

  • EPSS 2.14%
  • Published 31.10.2018 19:29:00
  • Last modified 21.11.2024 03:49:31

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly cal...

  • EPSS 0.16%
  • Published 31.10.2018 19:29:00
  • Last modified 21.11.2024 03:53:25

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

  • EPSS 0.35%
  • Published 31.10.2018 18:29:00
  • Last modified 21.11.2024 03:53:25

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

Exploit
  • EPSS 0.45%
  • Published 31.10.2018 16:29:00
  • Last modified 21.11.2024 03:56:47

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

  • EPSS 0.31%
  • Published 30.10.2018 21:29:00
  • Last modified 21.11.2024 03:52:48

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.