CVE-2018-1060
- EPSS 1.04%
- Published 18.06.2018 14:29:00
- Last modified 21.11.2024 03:59:05
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1152
- EPSS 0.74%
- Published 18.06.2018 14:29:00
- Last modified 21.11.2024 03:59:17
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
- EPSS 0.1%
- Published 17.06.2018 20:29:00
- Last modified 21.11.2024 03:44:27
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file wi...
CVE-2018-11218
- EPSS 83%
- Published 17.06.2018 17:29:00
- Last modified 21.11.2024 03:42:55
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVE-2018-11219
- EPSS 2.8%
- Published 17.06.2018 17:29:00
- Last modified 21.11.2024 03:42:55
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVE-2018-12495
- EPSS 0.54%
- Published 15.06.2018 18:29:00
- Last modified 21.11.2024 03:45:20
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2018-12458
- EPSS 0.96%
- Published 15.06.2018 15:29:00
- Last modified 21.11.2024 03:45:15
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
CVE-2018-0495
- EPSS 0.26%
- Published 13.06.2018 23:29:00
- Last modified 21.11.2024 03:38:21
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka ...
CVE-2018-10850
- EPSS 1.54%
- Published 13.06.2018 20:29:00
- Last modified 21.11.2024 03:42:08
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of servi...
CVE-2018-11408
- EPSS 0.31%
- Published 13.06.2018 16:29:01
- Last modified 21.11.2024 03:43:18
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a con...