Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6073 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2018-16396 4 Canonical, Debian, Redhat and 1 more 4 Ubuntu Linux, Debian Linux, Enterprise Linux and 1 more 2023-12-10 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.
CVE-2018-5801 4 Canonical, Debian, Libraw and 1 more 6 Ubuntu Linux, Debian Linux, Libraw and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2019-7283 2 Debian, Netkit 2 Debian Linux, Netkit 2023-12-10 5.8 MEDIUM 7.4 HIGH
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.
CVE-2018-8798 2 Debian, Rdesktop 2 Debian Linux, Rdesktop 2023-12-10 5.0 MEDIUM 7.5 HIGH
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
CVE-2018-6133 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVE-2018-4056 2 Coturn Project, Debian 2 Coturn, Debian Linux 2023-12-10 7.5 HIGH 9.8 CRITICAL
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
CVE-2018-3139 5 Canonical, Debian, Hp and 2 more 13 Ubuntu Linux, Debian Linux, Xp7 Command View and 10 more 2023-12-10 2.6 LOW 3.1 LOW
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2018-20151 2 Debian, Wordpress 2 Debian Linux, Wordpress 2023-12-10 5.0 MEDIUM 7.5 HIGH
In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default.
CVE-2018-6071 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-18338 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-16587 2 Debian, Otrs 2 Debian Linux, Open Ticket Request System 2023-12-10 5.8 MEDIUM 6.5 MEDIUM
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.
CVE-2018-15209 2 Debian, Libtiff 2 Debian Linux, Libtiff 2023-12-10 6.8 MEDIUM 8.8 HIGH
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
CVE-2018-8799 2 Debian, Rdesktop 2 Debian Linux, Rdesktop 2023-12-10 5.0 MEDIUM 7.5 HIGH
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
CVE-2018-8786 5 Canonical, Debian, Fedoraproject and 2 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
CVE-2018-6090 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-6307 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2023-12-10 6.8 MEDIUM 8.1 HIGH
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
CVE-2018-14404 3 Canonical, Debian, Xmlsoft 3 Ubuntu Linux, Debian Linux, Libxml2 2023-12-10 5.0 MEDIUM 7.5 HIGH
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVE-2018-15822 3 Canonical, Debian, Ffmpeg 3 Ubuntu Linux, Debian Linux, Ffmpeg 2023-12-10 5.0 MEDIUM 7.5 HIGH
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
CVE-2018-6052 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.