CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux » 9.0 : Security Vulnerabilities

Cpe Name:cpe:/o:debian:debian_linux:9.0
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-1000140 119 Exec Code Overflow 2018-03-23 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
2 CVE-2018-1000122 119 DoS Overflow +Info 2018-03-14 2018-04-09
6.4
None Remote Low Not required Partial None Partial
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
3 CVE-2018-1000121 476 DoS 2018-03-14 2018-04-09
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
4 CVE-2018-1000120 787 DoS Overflow 2018-03-14 2018-04-09
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
5 CVE-2018-1000097 119 Exec Code Overflow 2018-03-12 2018-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
6 CVE-2018-1000027 476 DoS 2018-02-09 2018-03-15
5.0
None Remote Low Not required None None Partial
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
7 CVE-2018-1000024 19 DoS 2018-02-09 2018-03-15
5.0
None Remote Low Not required None None Partial
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
8 CVE-2018-1000007 200 +Info 2018-01-24 2018-03-20
5.0
None Remote Low Not required Partial None None
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequest hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
9 CVE-2018-1000005 125 2018-01-24 2018-03-20
6.4
None Remote Low Not required Partial None Partial
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.
10 CVE-2018-10102 79 XSS 2018-04-16 2018-05-18
4.3
None Remote Medium Not required None Partial None
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
11 CVE-2018-10101 601 2018-04-16 2018-05-18
5.8
None Remote Medium Not required Partial Partial None
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
12 CVE-2018-10100 601 2018-04-16 2018-05-18
5.8
None Remote Medium Not required Partial Partial None
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
13 CVE-2018-8828 119 Overflow 2018-03-20 2018-04-20
7.5
None Remote Low Not required Partial Partial Partial
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
14 CVE-2018-8764 352 CSRF 2018-03-27 2018-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
15 CVE-2018-8763 79 XSS 2018-03-27 2018-04-19
4.3
None Remote Medium Not required None Partial None
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
16 CVE-2018-8754 119 Overflow 2018-03-17 2018-04-20
7.5
None Remote Low Not required Partial Partial Partial
The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size.
17 CVE-2018-8048 79 XSS 2018-03-27 2018-04-24
4.3
None Remote Medium Not required None Partial None
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
18 CVE-2018-7600 20 Exec Code 2018-03-29 2018-04-24
7.5
None Remote Low Not required Partial Partial Partial
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
19 CVE-2018-7542 476 DoS 2018-02-27 2018-05-12
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
20 CVE-2018-7541 264 DoS +Priv 2018-02-27 2018-05-12
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
21 CVE-2018-7540 400 DoS 2018-02-27 2018-05-12
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
22 CVE-2018-7490 22 Dir. Trav. 2018-02-26 2018-03-23
5.0
None Remote Low Not required Partial None None
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
23 CVE-2018-7254 119 Overflow 2018-02-19 2018-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
24 CVE-2018-7253 119 Overflow 2018-02-19 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
25 CVE-2018-6913 119 Exec Code Overflow 2018-04-17 2018-05-22
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
26 CVE-2018-6798 119 Overflow 2018-04-17 2018-05-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
27 CVE-2018-6797 119 Overflow 2018-04-17 2018-05-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
28 CVE-2018-6791 77 Exec Code 2018-02-06 2018-03-13
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
29 CVE-2018-6789 119 Exec Code Overflow 2018-02-08 2018-05-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
30 CVE-2018-6596 200 +Info 2018-02-03 2018-03-02
6.4
None Remote Low Not required Partial Partial None
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
31 CVE-2018-6360 20 Exec Code 2018-01-27 2018-02-21
6.8
None Remote Medium Not required Partial Partial Partial
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL.
32 CVE-2018-5996 388 DoS Exec Code Mem. Corr. 2018-01-31 2018-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
33 CVE-2018-5704 134 Exec Code XSS 2018-01-16 2018-02-09
9.3
None Remote Medium Not required Complete Complete Complete
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
34 CVE-2018-5702 264 Exec Code 2018-01-15 2018-02-09
6.8
None Remote Medium Not required Partial Partial Partial
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
35 CVE-2018-5381 400 DoS 2018-02-19 2018-03-15
5.0
None Remote Low Not required None None Partial
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
36 CVE-2018-5380 125 2018-02-19 2018-03-15
4.0
None Remote Low Single system None None Partial
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
37 CVE-2018-5379 415 DoS Exec Code 2018-02-19 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
38 CVE-2018-5378 119 Overflow 2018-02-19 2018-03-15
4.9
None Remote Medium Single system Partial None Partial
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
39 CVE-2018-3839 787 Exec Code 2018-04-10 2018-05-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
40 CVE-2018-3838 125 2018-04-10 2018-05-21
4.3
None Remote Medium Not required Partial None None
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
41 CVE-2018-3837 125 2018-04-10 2018-05-21
4.3
None Remote Medium Not required Partial None None
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
42 CVE-2018-3710 22 Exec Code Dir. Trav. 2018-03-21 2018-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
43 CVE-2018-1312 287 2018-03-26 2018-05-01
6.8
None Remote Medium Not required Partial Partial Partial
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.
44 CVE-2018-1308 611 2018-04-09 2018-05-14
5.0
None Remote Low Not required Partial None None
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
45 CVE-2018-1303 125 DoS 2018-03-26 2018-05-01
5.0
None Remote Low Not required None None Partial
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.
46 CVE-2018-1302 476 2018-03-26 2018-04-18
4.3
None Remote Medium Not required None None Partial
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
47 CVE-2018-1301 119 Overflow 2018-03-26 2018-05-01
4.3
None Remote Medium Not required None None Partial
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.
48 CVE-2018-1283 20 2018-03-26 2018-05-01
3.5
None Remote Medium Single system None Partial None
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.
49 CVE-2018-1086 200 Bypass +Info 2018-04-12 2018-05-17
5.0
None Remote Low Not required Partial None None
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
50 CVE-2018-1084 190 Overflow 2018-04-12 2018-05-17
7.5
None Remote Low Not required Partial Partial Partial
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Total number of vulnerabilities : 261   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.