Vulnerabilities (CVE)

Vendor filter

Debian Subscribe

Filter

3169 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19870 2 Qt, Debian 2 Qt, Debian Linux 2019-04-18 6.8
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVE-2019-6486 3 Golang, Debian, Opensuse 3 Go, Debian Linux, Leap 2019-04-18 6.4
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
CVE-2018-20482 2 Gnu, Debian 2 Tar, Debian Linux 2019-04-18 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2019-3462 3 Debian, Netapp, Canonical 5 Apt, Active Iq, Element Software and 2 more 2019-04-18 9.3
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2019-04-18 6.8
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2019-04-18 6.8
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript...
CVE-2017-9739 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2019-04-18 6.8
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-04-18 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...
CVE-2019-5769 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 6.8
Incorrect handling of invalid end character position when front rendering in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-14647 4 Python, Canonical, Debian and 1 more 4 Python, Ubuntu Linux, Debian Linux and 1 more 2019-04-18 5.0
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash...
CVE-2018-17456 4 Git-scm, Canonical, Debian and 1 more 11 Git, Ubuntu Linux, Debian Linux and 8 more 2019-04-18 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file...
CVE-2018-19490 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass...
CVE-2019-5770 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 6.8
Insufficient input validation in WebGL in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-19491 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the...
CVE-2018-19492 3 Gnuplot, Debian, Opensuse 3 Gnuplot, Debian Linux, Leap 2019-04-18 6.8
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-04-18 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-17189 4 Apache, Netapp, Debian and 1 more 5 Http Server, Santricity Cloud Connector, Storage Automation Store and 2 more 2019-04-18 5.0
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2...
CVE-2018-17199 4 Apache, Netapp, Debian and 1 more 5 Http Server, Santricity Cloud Connector, Debian Linux and 2 more 2019-04-18 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the...
CVE-2016-10741 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-18 4.7
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead...
CVE-2019-5773 4 Google, Debian, Redhat and 1 more 6 Chrome, Debian Linux, Enterprise Linux Desktop and 3 more 2019-04-18 4.3
Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.