Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10393 | 3 Debian, Redhat, Xiph.org | 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-11-21 | 7.5 High |
| bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | ||||
| CVE-2018-10392 | 3 Debian, Redhat, Xiph.org | 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more | 2024-11-21 | 8.8 High |
| mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2024-11-21 | N/A |
| kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | ||||
| CVE-2018-10323 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. | ||||
| CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 5.5 Medium |
| In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||||
| CVE-2018-10242 | 2 Debian, Oisf | 2 Debian Linux, Suricata | 2024-11-21 | N/A |
| Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. | ||||
| CVE-2018-10195 | 3 Debian, Lrzsz Project, Suse | 5 Debian Linux, Lrzsz, Linux Enterprise Debuginfo and 2 more | 2024-11-21 | 7.1 High |
| lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | ||||
| CVE-2018-10194 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
| The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
| CVE-2018-10191 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-11-21 | 9.8 Critical |
| In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. | ||||
| CVE-2018-10124 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | ||||
| CVE-2018-10120 | 4 Canonical, Debian, Libreoffice and 1 more | 7 Ubuntu Linux, Debian Linux, Libreoffice and 4 more | 2024-11-21 | N/A |
| The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | ||||
| CVE-2018-10119 | 4 Canonical, Debian, Libreoffice and 1 more | 7 Ubuntu Linux, Debian Linux, Libreoffice and 4 more | 2024-11-21 | N/A |
| sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | ||||
| CVE-2018-10102 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | ||||
| CVE-2018-10101 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | ||||
| CVE-2018-10100 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | ||||
| CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||||
| CVE-2018-10061 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 5.4 Medium |
| Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | ||||
| CVE-2018-10060 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 5.4 Medium |
| Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | ||||
| CVE-2018-10001 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | N/A |
| The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | ||||
| CVE-2018-1002200 | 3 Codehaus-plexus, Debian, Redhat | 6 Plexus-archiver, Debian Linux, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||