Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-6187

Exploit
  • EPSS 0.46%
  • Veröffentlicht 24.01.2018 10:29:01
  • Zuletzt bearbeitet 21.11.2024 04:10:15

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

4.4

CVE-2017-18030

  • EPSS 0.11%
  • Veröffentlicht 23.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:19:12

The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

6

CVE-2018-5683

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.01.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:09

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

6.1

CVE-2018-5950

Exploit
  • EPSS 2.23%
  • Veröffentlicht 23.01.2018 16:29:01
  • Zuletzt bearbeitet 21.11.2024 04:09:44

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

5.3

CVE-2017-15105

  • EPSS 0.69%
  • Veröffentlicht 23.01.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:05

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound int...

7.5

CVE-2018-6003

  • EPSS 1.58%
  • Veröffentlicht 22.01.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:51

An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.

8.1

CVE-2018-5968

  • EPSS 1.97%
  • Veröffentlicht 22.01.2018 04:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:46

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets ...

7.5

CVE-2016-10708

  • EPSS 3.12%
  • Veröffentlicht 21.01.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 02:44:33

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

7.8

CVE-2017-15108

  • EPSS 0.14%
  • Veröffentlicht 20.01.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:05

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

6.5

CVE-2018-5784

Exploit
  • EPSS 0.39%
  • Veröffentlicht 19.01.2018 08:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:23

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared nu...