ReportizFlow
Filtered by vendor Debian
Subscriptions
Total
10017 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2579 | 6 Canonical, Debian, Hp and 3 more | 20 Ubuntu Linux, Debian Linux, Xp7 Command View and 17 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2018-2562 | 6 Canonical, Debian, Mariadb and 3 more | 17 Ubuntu Linux, Debian Linux, Mariadb and 14 more | 2024-11-21 | 7.1 High |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | ||||
| CVE-2018-25033 | 2 Admesh Project, Debian | 2 Admesh, Debian Linux | 2024-11-21 | 8.1 High |
| ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | ||||
| CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | ||||
| CVE-2018-21016 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.5 Medium |
| audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||||
| CVE-2018-21015 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 6.5 Medium |
| AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. | ||||
| CVE-2018-21010 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 8.8 High |
| OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | ||||
| CVE-2018-20847 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-11-21 | 8.8 High |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | ||||
| CVE-2018-20836 | 7 Canonical, Debian, F5 and 4 more | 16 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 13 more | 2024-11-21 | 8.1 High |
| An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | ||||
| CVE-2018-20763 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. | ||||
| CVE-2018-20762 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. | ||||
| CVE-2018-20761 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a. | ||||
| CVE-2018-20760 | 3 Canonical, Debian, Gpac | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled. | ||||
| CVE-2018-20750 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | ||||
| CVE-2018-20749 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | ||||
| CVE-2018-20748 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | ||||
| CVE-2018-20743 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | N/A |
| murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | ||||
| CVE-2018-20721 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2024-11-21 | 9.8 Critical |
| URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address. | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | ||||