Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-9259

Exploit
  • EPSS 0.74%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth.

7.5

CVE-2018-9260

Exploit
  • EPSS 0.52%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs.

7.5

CVE-2018-9261

Exploit
  • EPSS 0.72%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.

7.5

CVE-2018-9262

Exploit
  • EPSS 0.5%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth.

7.5

CVE-2018-9263

Exploit
  • EPSS 0.57%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length.

7.5

CVE-2018-9264

Exploit
  • EPSS 0.7%
  • Veröffentlicht 04.04.2018 07:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:14

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.

5.3

CVE-2018-9251

Exploit
  • EPSS 0.77%
  • Veröffentlicht 04.04.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:15:13

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnera...

7.5

CVE-2018-9240

  • EPSS 0.44%
  • Veröffentlicht 03.04.2018 22:29:01
  • Zuletzt bearbeitet 21.11.2024 04:15:11

ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur.

5.3

CVE-2017-17742

  • EPSS 1.15%
  • Veröffentlicht 03.04.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:18:34

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.

7.5

CVE-2018-6914

  • EPSS 2.37%
  • Veröffentlicht 03.04.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:24

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files vi...