CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux » 7.0 : Security Vulnerabilities

Cpe Name:cpe:/o:debian:debian_linux:7.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000164 93 2018-04-18 2018-05-22
5.0
None Remote Low Not required None Partial None
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
2 CVE-2018-1000156 20 Exec Code 2018-04-06 2018-05-15
6.8
None Remote Medium Not required Partial Partial Partial
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
3 CVE-2018-1000132 284 2018-03-14 2018-04-13
6.4
None Remote Low Not required Partial Partial None
Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
4 CVE-2018-1000127 190 Overflow 2018-03-13 2018-04-11
5.0
None Remote Low Not required None None Partial
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.
5 CVE-2018-1000122 119 DoS Overflow +Info 2018-03-14 2018-04-09
6.4
None Remote Low Not required Partial None Partial
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
6 CVE-2018-1000121 476 DoS 2018-03-14 2018-04-09
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
7 CVE-2018-1000120 787 DoS Overflow 2018-03-14 2018-04-09
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
8 CVE-2018-1000116 119 Exec Code Overflow 2018-03-07 2018-03-29
7.5
None Remote Low Not required Partial Partial Partial
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
9 CVE-2018-1000085 125 2018-03-13 2018-04-10
4.3
None Remote Medium Not required None None Partial
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.
10 CVE-2018-1000078 79 XSS 2018-03-13 2018-04-24
4.3
None Remote Medium Not required None Partial None
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.
11 CVE-2018-1000077 20 2018-03-13 2018-04-24
5.0
None Remote Low Not required None Partial None
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.
12 CVE-2018-1000076 347 2018-03-13 2018-04-24
7.5
None Remote Low Not required Partial Partial Partial
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.
13 CVE-2018-1000075 400 2018-03-13 2018-04-24
5.0
None Remote Low Not required None None Partial
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.
14 CVE-2018-1000041 255 2018-02-09 2018-03-02
4.3
None Remote Medium Not required Partial None None
GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB. This attack appear to be exploitable via The victim must process a specially crafted SVG file containing an UNC path on Windows.
15 CVE-2018-1000027 476 DoS 2018-02-09 2018-03-15
5.0
None Remote Low Not required None None Partial
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
16 CVE-2018-1000024 19 DoS 2018-02-09 2018-03-15
5.0
None Remote Low Not required None None Partial
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
17 CVE-2018-1000007 200 +Info 2018-01-24 2018-03-20
5.0
None Remote Low Not required Partial None None
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequest hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
18 CVE-2018-9018 369 DoS 2018-03-25 2018-04-18
4.3
None Remote Medium Not required None None Partial
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
19 CVE-2018-8780 22 Dir. Trav. 2018-04-03 2018-05-15
7.5
None Remote Low Not required Partial Partial Partial
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.
20 CVE-2018-8779 20 2018-04-03 2018-05-15
5.0
None Remote Low Not required None Partial None
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.
21 CVE-2018-8778 200 +Info 2018-04-03 2018-05-15
5.0
None Remote Low Not required Partial None None
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
22 CVE-2018-8777 399 DoS 2018-04-03 2018-05-15
5.0
None Remote Low Not required None None Partial
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
23 CVE-2018-8763 79 XSS 2018-03-27 2018-04-19
4.3
None Remote Medium Not required None Partial None
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
24 CVE-2018-7998 362 DoS 2018-03-09 2018-03-27
5.1
None Remote High Not required Partial Partial Partial
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.
25 CVE-2018-7877 119 DoS Overflow 2018-03-08 2018-03-26
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.
26 CVE-2018-7876 399 DoS 2018-03-08 2018-03-26
4.3
None Remote Medium Not required None None Partial
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
27 CVE-2018-7875 119 DoS Overflow 2018-03-08 2018-04-10
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
28 CVE-2018-7874 119 DoS Overflow 2018-03-08 2018-03-23
4.3
None Remote Medium Not required None None Partial
An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
29 CVE-2018-7873 119 DoS Overflow 2018-03-08 2018-03-23
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.
30 CVE-2018-7872 119 DoS Overflow 2018-03-08 2018-04-10
4.3
None Remote Medium Not required None None Partial
An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
31 CVE-2018-7871 119 DoS Overflow 2018-03-08 2018-04-10
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.
32 CVE-2018-7870 119 DoS Overflow 2018-03-08 2018-04-10
4.3
None Remote Medium Not required None None Partial
An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
33 CVE-2018-7869 399 DoS 2018-03-08 2018-03-23
4.3
None Remote Medium Not required None None Partial
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.
34 CVE-2018-7868 119 DoS Overflow 2018-03-08 2018-04-10
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.
35 CVE-2018-7867 119 DoS Overflow 2018-03-08 2018-04-10
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.
36 CVE-2018-7866 476 DoS 2018-03-08 2018-03-23
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
37 CVE-2018-7711 347 2018-03-05 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value.
38 CVE-2018-7600 20 Exec Code 2018-03-29 2018-04-24
7.5
None Remote Low Not required Partial Partial Partial
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
39 CVE-2018-7556 200 +Info 2018-02-28 2018-03-23
6.4
None Remote Low Not required Partial Partial None
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
40 CVE-2018-7554 416 DoS 2018-02-28 2018-04-07
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
41 CVE-2018-7553 119 DoS Overflow 2018-02-28 2018-04-07
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
42 CVE-2018-7552 119 DoS Overflow 2018-02-28 2018-04-07
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
43 CVE-2018-7551 416 DoS 2018-02-28 2018-04-07
7.5
None Remote Low Not required Partial Partial Partial
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
44 CVE-2018-7537 185 2018-03-09 2018-04-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.
45 CVE-2018-7536 185 2018-03-09 2018-04-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable.
46 CVE-2018-7440 77 2018-02-23 2018-03-17
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
47 CVE-2018-7187 20 Exec Code 2018-02-16 2018-03-13
9.3
User Remote Medium Not required Complete Complete Complete
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
48 CVE-2018-7186 119 DoS Overflow 2018-02-16 2018-03-14
7.5
None Remote Low Not required Partial Partial Partial
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
49 CVE-2018-6914 22 Dir. Trav. 2018-04-03 2018-05-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.
50 CVE-2018-6913 119 Exec Code Overflow 2018-04-17 2018-05-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Total number of vulnerabilities : 578   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.