Debian Linux Security Vulnerabilities - May


CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target fil...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2018-11-07 05:29 AM

CVE-2018-19058

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

6.5 CVSS

6.2 AI Score

0.004 EPSS

2018-11-07 04:29 PM

CVE-2018-19107

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

6.5 CVSS

6.4 AI Score

0.009 EPSS

2018-11-08 08:29 AM

CVE-2018-19108

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

6.5 CVSS

6.3 AI Score

0.006 EPSS

2018-11-08 08:29 AM

CVE-2018-19115

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.

9.8 CVSS

9.8 AI Score

0.013 EPSS

2018-11-08 08:29 PM

CVE-2018-19132

Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

5.9 CVSS

5.8 AI Score

0.017 EPSS

2018-11-09 11:29 AM

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue becaus...

7.8 CVSS

6.7 AI Score

0.003 EPSS

2018-12-20 11:29 PM

CVE-2018-19139

An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.

5.5 CVSS

6.1 AI Score

0.001 EPSS

2018-11-09 09:29 PM

CVE-2018-19141

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

4.8 CVSS

5.2 AI Score

0.0005 EPSS

2018-11-11 05:29 AM

CVE-2018-19143

Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.

6.5 CVSS

6.1 AI Score

0.0005 EPSS

2018-11-11 05:29 AM

CVE-2018-19198

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

9.8 CVSS

9.2 AI Score

0.005 EPSS

2018-11-12 03:29 PM

CVE-2018-19199

An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

9.8 CVSS

9.2 AI Score

0.004 EPSS

2018-11-12 03:29 PM

CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.5 CVSS

8.2 AI Score

0.002 EPSS

2018-11-12 03:29 PM

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

6.1 CVSS

5.7 AI Score

0.472 EPSS

2018-11-12 05:29 PM

CVE-2018-19210

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

6.5 CVSS

7 AI Score

0.003 EPSS

2018-11-12 07:29 PM

CVE-2018-19216

Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

7.8 CVSS

6.1 AI Score

0.002 EPSS

2018-11-12 07:29 PM

CVE-2018-19274

Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.

7.2 CVSS

7.2 AI Score

0.591 EPSS

2018-11-17 01:29 PM

CVE-2018-19296

PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.

8.8 CVSS

8.6 AI Score

0.005 EPSS

2018-11-16 09:29 AM

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

9.8 CVSS

8.8 AI Score

0.005 EPSS

2019-01-02 06:29 PM

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

9.8 CVSS

8.8 AI Score

0.005 EPSS

2019-01-02 06:29 PM

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

9.8 CVSS

8.8 AI Score

0.005 EPSS

2019-01-02 06:29 PM

CVE-2018-19364

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome.

5.5 CVSS

5.7 AI Score

0.001 EPSS

2018-12-13 07:29 PM

CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

9.8 CVSS

6.3 AI Score

0.007 EPSS

2018-11-21 04:29 PM

CVE-2018-19432

An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service.

6.5 CVSS

6 AI Score

0.001 EPSS

2018-11-22 05:29 AM

CVE-2018-19475

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

7.8 CVSS

6.6 AI Score

0.006 EPSS

2018-11-23 05:29 AM

CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

7.8 CVSS

6.6 AI Score

0.006 EPSS

2018-11-23 05:29 AM

CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

7.8 CVSS

6.6 AI Score

0.006 EPSS

2018-11-23 05:29 AM

CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

5.5 CVSS

6.1 AI Score

0.002 EPSS

2019-01-02 06:29 PM

CVE-2018-19489

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming.

4.7 CVSS

5.1 AI Score

0.001 EPSS

2018-12-13 07:29 PM

CVE-2018-19490

An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range ar...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2018-11-23 05:29 PM

CVE-2018-19491

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnup...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2018-11-23 05:29 PM

CVE-2018-19492

An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when t...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2018-11-23 05:29 PM

CVE-2018-19497

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c)...

6.5 CVSS

6.2 AI Score

0.005 EPSS

2018-11-29 11:29 PM

CVE-2018-19518

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow rem...

7.5 CVSS

8.1 AI Score

0.969 EPSS

2018-11-25 10:29 AM

CVE-2018-19535

In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file.

6.5 CVSS

6.2 AI Score

0.003 EPSS

2018-11-26 02:29 AM

CVE-2018-19539

An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.

6.5 CVSS

6.5 AI Score

0.002 EPSS

2018-11-26 03:29 AM

CVE-2018-19540

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3,...

8.8 CVSS

7.4 AI Score

0.006 EPSS

2018-11-26 03:29 AM

CVE-2018-19541

An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.900.27, 1.900.28, 1.900.29, 1.900.30, 1.900.31, 2.0.0, 2.0.1, 2.0.2, 2.0.3,...

8.8 CVSS

7.2 AI Score

0.005 EPSS

2018-11-26 03:29 AM

CVE-2018-19542

An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.

6.5 CVSS

6.5 AI Score

0.001 EPSS

2018-11-26 03:29 AM

CVE-2018-19543

An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

7.8 CVSS

7.4 AI Score

0.002 EPSS

2018-11-26 03:29 AM

CVE-2018-19622

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2018-11-29 04:29 AM

CVE-2018-19623

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values.

7.5 CVSS

7.4 AI Score

0.004 EPSS

2018-11-29 04:29 AM

CVE-2018-19624

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.

5.5 CVSS

6 AI Score

0.001 EPSS

2018-11-29 04:29 AM

CVE-2018-19625

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.

5.5 CVSS

6.1 AI Score

0.001 EPSS

2018-11-29 04:29 AM

CVE-2018-19626

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.

5.5 CVSS

6.1 AI Score

0.001 EPSS

2018-11-29 04:29 AM

CVE-2018-19627

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.

7.5 CVSS

7.4 AI Score

0.022 EPSS

2018-11-29 04:29 AM

CVE-2018-19628

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.

7.5 CVSS

7.2 AI Score

0.002 EPSS

2018-11-29 04:29 AM

CVE-2018-19661

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.

6.5 CVSS

5.8 AI Score

0.002 EPSS

2018-11-29 08:29 AM

CVE-2018-19662

An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.

8.1 CVSS

6.2 AI Score

0.002 EPSS

2018-11-29 08:29 AM

CVE-2018-19758

There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.

6.5 CVSS

5.9 AI Score

0.002 EPSS

2018-11-30 03:29 AM
Total number of security vulnerabilities: 8790