Debian

Debian Linux

9922 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2018-11439

Exploit
  • EPSS 0.74%
  • Veröffentlicht 30.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:22

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

7.8

CVE-2018-11235

Exploit
  • EPSS 41.72%
  • Veröffentlicht 30.05.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:57

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that ...

9.8

CVE-2018-11531

Exploit
  • EPSS 1.44%
  • Veröffentlicht 29.05.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:33

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

7.8

CVE-2018-11506

  • EPSS 0.08%
  • Veröffentlicht 28.05.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:30

The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes...

5.5

CVE-2018-11503

  • EPSS 0.52%
  • Veröffentlicht 26.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:30

The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

5.5

CVE-2018-11504

  • EPSS 0.24%
  • Veröffentlicht 26.05.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:30

The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

6.5

CVE-2018-11496

Exploit
  • EPSS 0.84%
  • Veröffentlicht 26.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:29

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

8.8

CVE-2018-11490

  • EPSS 0.21%
  • Veröffentlicht 26.05.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:28

The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to ...

5.5

CVE-2018-11468

Exploit
  • EPSS 0.52%
  • Veröffentlicht 25.05.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:43:25

The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.

9.8

CVE-2018-8013

  • EPSS 1.33%
  • Veröffentlicht 24.05.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:05

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before ...