CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux » 8.0 : Security Vulnerabilities Published In 2018

Cpe Name:cpe:/o:debian:debian_linux:8.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2018-1122 2018-05-23 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
602 CVE-2018-1120 119 DoS Overflow 2018-06-20 2019-10-09
3.5
None Remote Medium Single system None None Partial
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
603 CVE-2018-1118 200 +Info 2018-05-10 2019-10-09
2.1
None Local Low Not required Partial None None
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
604 CVE-2018-1116 200 +Info 2018-07-10 2019-10-09
3.6
None Local Low Not required Partial None Partial
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
605 CVE-2018-1089 119 DoS Overflow 2018-05-09 2019-10-09
5.0
None Remote Low Not required None None Partial
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
606 CVE-2018-1087 2018-05-15 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
607 CVE-2018-1068 787 2018-03-16 2019-05-14
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
608 CVE-2018-1066 476 2018-03-02 2019-04-23
7.1
None Remote Medium Not required None None Complete
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
609 CVE-2018-1064 400 2018-03-28 2018-06-19
5.0
None Remote Low Not required None None Partial
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.
610 CVE-2018-1061 DoS 2018-06-19 2019-10-02
5.0
None Remote Low Not required None None Partial
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
611 CVE-2018-1060 DoS 2018-06-18 2019-10-02
5.0
None Remote Low Not required None None Partial
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
612 CVE-2018-1057 732 2018-03-13 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
613 CVE-2018-1056 125 2018-07-27 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
614 CVE-2018-1050 20 DoS 2018-03-13 2019-04-09
2.9
None Local Network Medium Not required None None Partial
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
615 CVE-2018-1049 362 DoS 2018-02-16 2019-10-09
4.3
None Remote Medium Not required None None Partial
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.
616 CVE-2018-0739 400 DoS 2018-03-27 2019-04-23
4.3
None Remote Medium Not required None None Partial
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
617 CVE-2018-0735 320 2018-10-29 2019-07-23
4.3
None Remote Medium Not required Partial None None
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
618 CVE-2018-0732 320 DoS 2018-06-12 2019-05-30
5.0
None Remote Low Not required None None Partial
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
619 CVE-2018-0618 79 XSS 2018-07-26 2019-04-22
3.5
None Remote Medium Single system None Partial None
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
620 CVE-2018-0498 2018-07-28 2019-10-02
1.9
None Local Medium Not required Partial None None
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
621 CVE-2018-0497 2018-07-28 2019-10-02
4.3
None Remote Medium Not required Partial None None
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.
622 CVE-2018-0495 200 +Info 2018-06-13 2019-05-30
1.9
None Local Medium Not required Partial None None
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
623 CVE-2018-0494 20 2018-05-06 2018-10-31
4.3
None Remote Medium Not required None Partial None
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
624 CVE-2018-0492 362 2018-04-03 2018-10-21
4.4
None Local Medium Not required Partial Partial Partial
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.
625 CVE-2018-0489 347 +Info 2018-02-27 2018-03-23
6.4
None Remote Low Not required Partial Partial None
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.
626 CVE-2018-0486 347 +Info 2018-01-13 2018-02-15
6.4
None Remote Low Not required Partial Partial None
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
627 CVE-2018-0361 20 2018-07-16 2019-04-26
4.3
None Remote Medium Not required None None Partial
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
628 CVE-2018-0360 190 Overflow 2018-07-16 2019-04-26
4.3
None Remote Medium Not required None None Partial
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
629 CVE-2017-1000501 22 Exec Code Dir. Trav. 2018-01-03 2019-05-03
7.5
None Remote Low Not required Partial Partial Partial
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
630 CVE-2017-1000472 22 Dir. Trav. 2018-01-03 2018-02-03
5.8
None Remote Medium Not required None Partial Partial
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
631 CVE-2017-1000456 119 Overflow 2018-01-02 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
632 CVE-2017-1000433 287 2018-01-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
633 CVE-2017-1000422 190 Exec Code Overflow Mem. Corr. 2018-01-02 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
634 CVE-2017-1000421 416 Exec Code 2018-01-02 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
635 CVE-2017-18267 835 DoS 2018-05-10 2019-10-02
4.3
None Remote Medium Not required None None Partial
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
636 CVE-2017-18266 74 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
637 CVE-2017-18264 Bypass 2018-05-01 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument.
638 CVE-2017-18249 362 DoS 2018-03-26 2019-04-02
4.4
None Local Medium Not required Partial Partial Partial
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
639 CVE-2017-18231 476 DoS 2018-03-13 2019-04-16
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
640 CVE-2017-18230 476 DoS 2018-03-13 2019-04-16
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
641 CVE-2017-18229 770 DoS 2018-03-13 2019-10-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
642 CVE-2017-18219 770 DoS 2018-03-05 2019-10-02
4.3
None Remote Medium Not required None None Partial
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.
643 CVE-2017-18190 290 Exec Code 2018-02-16 2019-10-02
5.0
None Remote Low Not required None Partial None
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
644 CVE-2017-18189 476 2018-02-15 2019-08-06
5.0
None Remote Low Not required None None Partial
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
645 CVE-2017-18187 190 Overflow Bypass 2018-02-14 2019-04-26
7.5
None Remote Low Not required Partial Partial Partial
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
646 CVE-2017-18122 347 Bypass 2018-02-02 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
647 CVE-2017-18121 79 Exec Code XSS 2018-02-02 2019-05-13
4.3
None Remote Medium Not required None Partial None
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
648 CVE-2017-18078 59 Bypass 2018-01-29 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
649 CVE-2017-18076 2018-01-26 2019-10-02
5.0
None Remote Low Not required Partial None None
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
650 CVE-2017-17969 787 DoS Exec Code Overflow 2018-01-30 2018-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Total number of vulnerabilities : 862   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.