ReportizFlow
Filtered by vendor Debian
Subscriptions
Total
10015 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14767 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2024-11-21 | N/A |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. | ||||
| CVE-2018-14734 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | N/A |
| drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | ||||
| CVE-2018-14721 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. | ||||
| CVE-2018-14720 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
| FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | ||||
| CVE-2018-14719 | 5 Debian, Fasterxml, Netapp and 2 more | 31 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 28 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | ||||
| CVE-2018-14718 | 5 Debian, Fasterxml, Netapp and 2 more | 36 Debian Linux, Jackson-databind, Oncommand Workflow Automation and 33 more | 2024-11-21 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | ||||
| CVE-2018-14682 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 9 Libmspack, Cabextract, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | ||||
| CVE-2018-14681 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 9 Libmspack, Cabextract, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | ||||
| CVE-2018-14680 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 9 Libmspack, Cabextract, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | ||||
| CVE-2018-14679 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 9 Libmspack, Cabextract, Ubuntu Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||||
| CVE-2018-14678 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. | ||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-11-21 | 5.7 Medium |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | ||||
| CVE-2018-14661 | 3 Debian, Gluster, Redhat | 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more | 2024-11-21 | 6.5 Medium |
| It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. | ||||
| CVE-2018-14660 | 3 Debian, Gluster, Redhat | 7 Debian Linux, Glusterfs, Enterprise Linux and 4 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. | ||||
| CVE-2018-14659 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. | ||||
| CVE-2018-14654 | 2 Debian, Redhat | 8 Debian Linux, Enterprise Linux, Enterprise Linux Server and 5 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. | ||||
| CVE-2018-14653 | 2 Debian, Redhat | 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more | 2024-11-21 | 8.8 High |
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. | ||||
| CVE-2018-14652 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 Medium |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. | ||||
| CVE-2018-14651 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. | ||||
| CVE-2018-14648 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. | ||||