Debian

Debian Linux

9922 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.75%
  • Published 24.01.2018 15:29:00
  • Last modified 29.08.2025 13:42:30

xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

  • EPSS 0.77%
  • Published 24.01.2018 15:29:00
  • Last modified 29.08.2025 13:42:30

xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.

Exploit
  • EPSS 0.35%
  • Published 24.01.2018 10:29:01
  • Last modified 21.11.2024 04:10:15

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

  • EPSS 0.11%
  • Published 23.01.2018 18:29:00
  • Last modified 21.11.2024 03:19:12

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

Exploit
  • EPSS 0.03%
  • Published 23.01.2018 18:29:00
  • Last modified 21.11.2024 04:09:09

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

Exploit
  • EPSS 6.86%
  • Published 23.01.2018 16:29:01
  • Last modified 21.11.2024 04:09:44

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

  • EPSS 0.69%
  • Published 23.01.2018 16:29:00
  • Last modified 21.11.2024 03:14:05

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound int...

  • EPSS 1.58%
  • Published 22.01.2018 20:29:00
  • Last modified 21.11.2024 04:09:51

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

  • EPSS 1.74%
  • Published 22.01.2018 04:29:00
  • Last modified 21.11.2024 04:09:46

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets ...

  • EPSS 3.75%
  • Published 21.01.2018 22:29:00
  • Last modified 21.11.2024 02:44:33

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.