Filtered by vendor Debian
Subscribe
Total
8236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19661 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. | |||||
| CVE-2018-19662 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2020-10-29 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. | |||||
| CVE-2018-19758 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | |||||
| CVE-2015-8743 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 3.6 LOW | 7.1 HIGH |
| QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. | |||||
| CVE-2017-13711 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | |||||
| CVE-2017-9524 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. | |||||
| CVE-2018-20406 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Python | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | |||||
| CVE-2017-13687 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |||||
| CVE-2017-13725 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||||
| CVE-2017-17499 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||||
| CVE-2017-5510 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | |||||
| CVE-2017-13028 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | |||||
| CVE-2017-13024 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||||
| CVE-2017-13020 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||||
| CVE-2017-13004 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). | |||||
| CVE-2020-12137 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2020-10-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. | |||||
| CVE-2018-1000178 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2020-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. | |||||
| CVE-2018-1000179 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2020-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. | |||||
| CVE-2018-7730 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function. | |||||
| CVE-2018-7728 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2020-10-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileHandlers/TIFF_Handler.cpp mishandles a case of a zero length, leading to a heap-based buffer over-read in the MD5Update() function in third-party/zuid/interfaces/MD5.cpp. | |||||