Vulnerabilities (CVE)

Vendor filter: Debian

2197 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2018-9363 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2018-12-12 | 7.2
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android...

CVE-2018-16843 | 3 Nginx, Canonical, Debian | 3 Nginx, Ubuntu Linux, Debian Linux | 2018-12-12 | 7.8
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2'...

CVE-2018-16844 | 3 Nginx, Canonical, Debian | 3 Nginx, Ubuntu Linux, Debian Linux | 2018-12-12 | 7.8
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of...

CVE-2018-19141 | 1 Debian | 1 Debian Linux | 2018-12-12 | 3.5
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

CVE-2018-19143 | 1 Debian | 1 Debian Linux | 2018-12-12 | 5.5
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.

CVE-2018-9422 | 2 Debian, Google | 2 Debian Linux, Android | 2018-12-12 | 7.2
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

CVE-2018-9516 | 2 Debian, Google | 2 Debian Linux, Android | 2018-12-12 | 7.2
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed...

CVE-2018-19199 | 1 Debian | 1 Debian Linux | 2018-12-12 | 7.5
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

CVE-2018-19200 | 1 Debian | 1 Debian Linux | 2018-12-12 | 5.0
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

CVE-2018-19132 | 2 Squid-cache, Debian | 2 Squid, Debian Linux | 2018-12-11 | 4.3
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

CVE-2017-5133 | 2 Google, Debian | 2 Chrome, Debian Linux | 2018-12-11 | 6.8
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentially execute code via a crafted PDF file.

CVE-2018-14651 | 2 Debian, Redhat | 2 Debian Linux, Enterprise Linux | 2018-12-11 | 6.5
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or...

CVE-2018-17082 | 2 Php, Debian | 2 Php, Debian Linux | 2018-12-11 | 4.3
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function...

CVE-2018-14883 | 3 Php, Canonical, Debian | 3 Php, Ubuntu Linux, Debian Linux | 2018-12-11 | 5.0
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

CVE-2018-14851 | 3 Php, Canonical, Debian | 3 Php, Ubuntu Linux, Debian Linux | 2018-12-11 | 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...

CVE-2018-15688 | 4 Freedesktop, Canonical, Debian and 1 more | 8 Systemd, Ubuntu Linux, Debian Linux and 5 more | 2018-12-10 | 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

CVE-2018-15686 | 3 Freedesktop, Canonical, Debian | 3 Systemd, Ubuntu Linux, Debian Linux | 2018-12-10 | 10.0
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation....

CVE-2018-18718 | 2 Gnome, Debian | 2 Gthumb, Debian Linux | 2018-12-07 | 4.6
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.

CVE-2017-15705 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2018-12-07 | 5.0
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache...

CVE-2018-18873 | 4 Jasper Project, Canonical, Debian and 1 more | 5 Jasper, Ubuntu Linux, Debian Linux and 2 more | 2018-12-07 | 6.8
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.