CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000878 416 2018-12-20 2019-01-17
6.8
None Remote Medium Not required Partial Partial Partial
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
2 CVE-2018-1000877 415 2018-12-20 2019-01-17
6.8
None Remote Medium Not required Partial Partial Partial
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
3 CVE-2018-1000805 284 2018-10-08 2019-01-08
6.5
None Remote Low Single system Partial Partial Partial
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
4 CVE-2018-1000637 119 DoS Exec Code Overflow 2018-08-20 2018-11-02
6.8
None Remote Medium Not required Partial Partial Partial
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
5 CVE-2018-1000632 91 2018-08-20 2019-01-16
6.4
None Remote Low Not required None Partial Partial
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
6 CVE-2018-1000301 119 DoS Overflow 2018-05-24 2019-01-16
6.4
None Remote Low Not required Partial None Partial
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.
7 CVE-2018-1000204 264 2018-06-26 2018-10-31
6.3
None Remote Medium Single system Complete None None
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
8 CVE-2018-1000156 20 Exec Code 2018-04-06 2018-06-28
6.8
None Remote Medium Not required Partial Partial Partial
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
9 CVE-2018-1000132 284 2018-03-14 2018-07-06
6.4
None Remote Low Not required Partial Partial None
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
10 CVE-2018-1000122 119 DoS Overflow +Info 2018-03-14 2019-01-16
6.4
None Remote Low Not required Partial None Partial
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
11 CVE-2018-1000097 119 Exec Code Overflow 2018-03-12 2018-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
12 CVE-2018-1000005 125 2018-01-24 2018-03-20
6.4
None Remote Low Not required Partial None Partial
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
13 CVE-2018-20549 190 2018-12-28 2019-01-16
6.8
None Remote Medium Not required Partial Partial Partial
There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.
14 CVE-2018-19870 476 2018-12-26 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
15 CVE-2018-19543 119 Overflow 2018-11-25 2018-12-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
16 CVE-2018-19492 119 Overflow 2018-11-23 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
17 CVE-2018-19491 119 Overflow 2018-11-23 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
18 CVE-2018-19490 119 Overflow 2018-11-23 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
19 CVE-2018-19477 704 Bypass 2018-11-23 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
20 CVE-2018-19476 704 Bypass 2018-11-23 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
21 CVE-2018-19475 254 Bypass 2018-11-23 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
22 CVE-2018-19296 20 2018-11-16 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
23 CVE-2018-19274 20 Exec Code 2018-11-17 2018-12-20
6.5
None Remote Low Single system Partial Partial Partial
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
24 CVE-2018-19216 416 2018-11-12 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
25 CVE-2018-19134 704 Exec Code 2018-12-20 2019-01-11
6.8
None Remote Medium Not required Partial Partial Partial
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type.
26 CVE-2018-18873 476 2018-10-31 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
27 CVE-2018-18820 119 DoS Exec Code Overflow 2018-11-05 2019-01-23
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.
28 CVE-2018-18557 787 2018-10-22 2019-01-23
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write.
29 CVE-2018-18359 125 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
30 CVE-2018-18356 190 Overflow 2018-12-11 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
31 CVE-2018-18354 20 2018-12-11 2018-12-20
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient validate of external protocols in Shell Integration in Google Chrome on Windows prior to 71.0.3578.80 allowed a remote attacker to launch external programs via a crafted HTML page.
32 CVE-2018-18347 20 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page.
33 CVE-2018-18343 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
34 CVE-2018-18342 502 Exec Code 2018-12-11 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
35 CVE-2018-18341 190 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
36 CVE-2018-18340 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in MediaRecorder in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
37 CVE-2018-18339 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
38 CVE-2018-18338 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
39 CVE-2018-18337 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
40 CVE-2018-18336 416 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
41 CVE-2018-18335 119 Overflow 2018-12-11 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
42 CVE-2018-18313 125 2018-12-07 2019-01-03
6.4
None Remote Low Not required Partial None Partial
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
43 CVE-2018-17961 284 Bypass 2018-10-15 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
44 CVE-2018-17481 416 2018-12-11 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
45 CVE-2018-17480 787 Exec Code 2018-12-11 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
46 CVE-2018-17474 416 2018-11-14 2018-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
47 CVE-2018-17472 19 2018-11-14 2018-12-27
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
48 CVE-2018-17469 125 2018-11-14 2018-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
49 CVE-2018-17466 125 2018-11-14 2019-01-24
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
50 CVE-2018-17465 416 2018-11-14 2018-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Total number of vulnerabilities : 438   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.