Vulnerabilities for 'Debian linux'

2018-11-25
 
CVE-2018-19543

CWE-119
 

 
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.

 
2018-11-09
 
CVE-2018-19132

CWE-399
 

 
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.

 
2018-10-31
 
CVE-2018-14651

CWE-59
 

 
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

 
 
CVE-2018-16842

CWE-125
 

 
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

 
 
CVE-2018-16839

CWE-119
 

 
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

 
 
CVE-2018-14659

CWE-400
 

 
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

 
 
CVE-2018-18873

CWE-476
 

 
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.

 
2018-10-29
 
CVE-2018-18718

CWE-415
 

 
An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer.

 
2018-10-26
 
CVE-2018-15688

CWE-119
 

 
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd versions up to and including 239.

 
 
CVE-2018-15686

CWE-502
 

 
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

 


Copyright 2018, cxsecurity.com

 
