9 matches found
DEBIAN-CVE-2018-25107
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...
DEBIAN-CVE-2018-14879
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:getnextfile...
DEBIAN-CVE-2018-18245
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified checkload plugin to NRPE...
DEBIAN-CVE-2018-14611
An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in trymergefreespace when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfscheckchunkvalid in fs/btrfs/volumes.c...
DEBIAN-CVE-2018-8013
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization...
DEBIAN-CVE-2018-11214
An issue was discovered in libjpeg 9a. The gettextrgbrow function in rdppm.c allows remote attackers to cause a denial of service Segmentation fault via a crafted file...
DEBIAN-CVE-2018-10801
TIFFClientOpen in tifunix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff...
DEBIAN-CVE-2018-7740
The resvmaprelease function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service BUG via a crafted application that makes mmap system calls and has a large pgoff argument to the remapfilepages system call...
DEBIAN-CVE-2018-7548
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using $PA... on an empty array result...