Debian Linux Security Vulnerabilities and Issues — Page 12 of Debian Linux CVE List

Lucene search

DebianDebian Linux

1190 matches found

CVE•added 2019/12/05 1:15 a.m.•225 views

CVE-2019-19553

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

7.5CVSS7.2AI score0.00552EPSS

CVE•added 2019/02/19 5:29 p.m.•225 views

CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

5.5CVSS5.4AI score0.00131EPSS

CVE•added 2019/12/10 10:15 p.m.•224 views

CVE-2019-13744

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5CVSS6.2AI score0.02568EPSS

CVE•added 2019/12/25 4:15 a.m.•224 views

CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.

4.7CVSS6.2AI score0.00054EPSS

CVE•added 2019/02/08 11:29 a.m.•224 views

CVE-2019-7637

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

8.8CVSS8.9AI score0.02859EPSS

CVE•added 2019/02/28 4:29 a.m.•224 views

CVE-2019-9214

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

7.5CVSS6AI score0.05075EPSS

CVE•added 2019/08/15 5:15 p.m.•223 views

CVE-2019-12854

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

7.5CVSS8.1AI score0.60533EPSS

CVE•added 2019/06/26 6:15 p.m.•223 views

CVE-2019-12975

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.

5.5CVSS6.7AI score0.00091EPSS

CVE•added 2019/12/10 10:15 p.m.•223 views

CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.5AI score0.03148EPSS

CVE•added 2019/07/18 8:15 p.m.•223 views

CVE-2019-13962

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.

9.8CVSS9.3AI score0.01637EPSS

CVE•added 2019/11/01 12:15 p.m.•222 views

CVE-2013-2600

MiniUPnPd has information disclosure use of snprintf()

7.5CVSS7.2AI score0.00493EPSS

CVE•added 2019/01/03 1:29 p.m.•222 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

6.5CVSS6.7AI score0.00461EPSS

CVE•added 2019/04/09 4:29 a.m.•222 views

CVE-2019-10899

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

7.5CVSS7.3AI score0.07524EPSS

CVE•added 2019/02/07 7:29 a.m.•222 views

CVE-2019-7574

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

8.8CVSS8.8AI score0.0338EPSS

CVE•added 2019/02/28 6:29 p.m.•221 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird

9.8CVSS7.2AI score0.03924EPSS

CVE•added 2019/04/09 4:29 a.m.•221 views

CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

7.5CVSS7.2AI score0.07524EPSS

CVE•added 2019/12/10 10:15 p.m.•221 views

CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

8.8CVSS7.7AI score0.01281EPSS

CVE•added 2019/09/23 12:15 p.m.•221 views

CVE-2019-16711

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

6.5CVSS7.5AI score0.00144EPSS

CVE•added 2019/04/08 7:29 p.m.•221 views

CVE-2019-1787

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of prope...

7.5CVSS6.4AI score0.01944EPSS

CVE•added 2019/11/15 4:15 a.m.•221 views

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

9.8CVSS9.6AI score0.005EPSS

CVE•added 2019/02/19 5:29 p.m.•221 views

CVE-2019-5774

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

8.8CVSS6.9AI score0.00917EPSS

CVE•added 2019/02/19 5:29 p.m.•221 views

CVE-2019-5781

Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.

6.5CVSS5.6AI score0.00852EPSS

CVE•added 2019/06/27 5:15 p.m.•221 views

CVE-2019-5806

Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.6AI score0.01514EPSS

CVE•added 2019/02/07 7:29 a.m.•221 views

CVE-2019-7578

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

8.1CVSS8.4AI score0.03334EPSS

CVE•added 2019/04/17 2:29 p.m.•221 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01063EPSS

CVE•added 2019/09/03 5:15 a.m.•220 views

CVE-2015-9382

FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.

6.5CVSS6.6AI score0.00798EPSS

CVE•added 2019/10/17 1:15 p.m.•220 views

CVE-2019-17674

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

5.4CVSS6.8AI score0.01781EPSS

CVE•added 2019/01/26 5:29 p.m.•220 views

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP config...

5.9CVSS6.2AI score0.68816EPSS

CVE•added 2019/04/09 4:29 a.m.•219 views

CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.

7.5CVSS7.2AI score0.07524EPSS

CVE•added 2019/12/10 10:15 p.m.•218 views

CVE-2019-13758

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3CVSS4.8AI score0.01003EPSS

CVE•added 2019/10/14 2:15 a.m.•218 views

CVE-2019-17545

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.

9.8CVSS9.3AI score0.01651EPSS

CVE•added 2019/02/28 4:29 a.m.•218 views

CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

5.5CVSS5.7AI score0.00483EPSS

CVE•added 2019/12/20 3:15 p.m.•217 views

CVE-2012-6094

cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system

9.8CVSS9.2AI score0.00685EPSS

CVE•added 2019/12/10 10:15 p.m.•217 views

CVE-2019-13735

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

8.8CVSS8.6AI score0.06077EPSS

CVE•added 2019/01/28 9:29 p.m.•217 views

CVE-2019-3462

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

9.3CVSS7.1AI score0.09911EPSS

CVE•added 2019/04/22 4:29 p.m.•217 views

CVE-2019-3901

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid e...

5.6CVSS5.4AI score0.00072EPSS

CVE•added 2019/02/07 7:29 a.m.•217 views

CVE-2019-7573

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).

8.8CVSS8.7AI score0.0347EPSS

CVE•added 2019/02/28 4:29 a.m.•217 views

CVE-2019-9208

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.

7.5CVSS6AI score0.04385EPSS

CVE•added 2019/01/15 9:29 p.m.•216 views

CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption.

5.7CVSS5.7AI score0.00118EPSS

CVE•added 2019/03/21 4:0 p.m.•216 views

CVE-2018-20340

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is c...

6.8CVSS6.8AI score0.00132EPSS

CVE•added 2019/05/15 11:29 p.m.•216 views

CVE-2019-12111

A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c.

7.5CVSS7.1AI score0.0103EPSS

CVE•added 2019/06/26 6:15 p.m.•215 views

CVE-2019-12976

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

5.5CVSS6.5AI score0.00091EPSS

CVE•added 2019/11/17 6:15 p.m.•215 views

CVE-2019-19012

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or...

9.8CVSS9.7AI score0.14783EPSS

CVE•added 2019/10/03 4:15 p.m.•214 views

CVE-2018-14470

The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().

7.5CVSS8.6AI score0.01543EPSS

CVE•added 2019/01/02 6:29 p.m.•214 views

CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.

5.5CVSS6.1AI score0.00681EPSS

CVE•added 2019/02/19 5:29 p.m.•214 views

CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

8.8CVSS6.1AI score0.01655EPSS

CVE•added 2019/03/28 2:29 p.m.•213 views

CVE-2019-7524

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.

8.8CVSS6.2AI score0.0003EPSS

CVE•added 2019/01/15 6:29 p.m.•212 views

CVE-2018-16846

It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices.

6.5CVSS6.2AI score0.04862EPSS

CVE•added 2019/02/19 5:29 p.m.•212 views

CVE-2019-5762

Inappropriate memory management when caching in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.

8.8CVSS6.9AI score0.02538EPSS

CVE•added 2019/07/17 12:15 p.m.•212 views

CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed w...

4.3CVSS6.4AI score0.03341EPSS

Total number of security vulnerabilities1190