Vulnerabilities (CVE)

Vendor filter

Debian Subscribe

Product filter

Debian Linux Subscribe

Filter

2977 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-11212 6 Ijg, Netapp, Oracle and 3 more 11 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more 2019-03-25 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-16890 4 Haxx, Canonical, Debian and 1 more 4 Libcurl, Ubuntu Linux, Debian Linux and 1 more 2019-03-25 5.0
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is...
CVE-2018-7550 4 Qemu, Redhat, Canonical and 1 more 10 Qemu, Virtualization, Ubuntu Linux and 7 more 2019-03-25 4.6
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read...
CVE-2018-1000007 4 Haxx, Debian, Canonical and 1 more 6 Curl, Debian Linux, Ubuntu Linux and 3 more 2019-03-25 5.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to...
CVE-2018-1000005 3 Haxx, Debian, Canonical 3 Libcurl, Debian Linux, Ubuntu Linux 2019-03-25 6.4
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was...
CVE-2016-4578 6 Linux, Canonical, Novell and 3 more 19 Ubuntu Linux, Suse Linux Enterprise Live Patching, Linux Kernel and 16 more 2019-03-25 2.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1)...
CVE-2019-8907 2 File Project, Debian 2 File, Debian Linux 2019-03-25 6.8
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.
CVE-2019-8905 2 File Project, Debian 2 File, Debian Linux 2019-03-25 6.8
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
CVE-2016-1840 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 6.8
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or...
CVE-2016-1839 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2016-1838 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer...
CVE-2016-1837 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow...
CVE-2016-1836 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service...
CVE-2016-1834 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 9.3
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a...
CVE-2016-1833 6 Debian, Apple, Canonical and 3 more 15 Ubuntu Linux, Debian Linux, Iphone Os and 12 more 2019-03-25 4.3
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a...
CVE-2019-6111 5 Openbsd, Winscp, Canonical and 2 more 5 Openssh, Winscp, Ubuntu Linux and 2 more 2019-03-25 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name...
CVE-2019-6109 5 Openbsd, Winscp, Netapp and 2 more 7 Openssh, Winscp, Element Software and 4 more 2019-03-25 4.0
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control...
CVE-2018-20685 5 Openbsd, Netapp, Winscp and 2 more 9 Openssh, Cloud Backup, Element Software and 6 more 2019-03-25 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-14720 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-03-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVE-2018-14718 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-03-25 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.