Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14350 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | |||||
| CVE-2018-14351 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. | |||||
| CVE-2018-14352 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. | |||||
| CVE-2018-14353 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | |||||
| CVE-2018-14355 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | |||||
| CVE-2018-14356 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | |||||
| CVE-2018-14358 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | |||||
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | |||||
| CVE-2018-14361 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. | |||||
| CVE-2018-14360 | 2 Debian, Neomutt | 2 Debian Linux, Neomutt | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |||||
| CVE-2018-14359 | 4 Canonical, Debian, Mutt and 1 more | 4 Ubuntu Linux, Debian Linux, Mutt and 1 more | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | |||||
| CVE-2017-17833 | 5 Canonical, Debian, Lenovo and 2 more | 61 Ubuntu Linux, Debian Linux, Bm Nextscale Fan Power Controller and 58 more | 2020-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | |||||
| CVE-2016-4441 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 2.1 LOW | 6.0 MEDIUM |
| The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | |||||
| CVE-2016-4439 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. | |||||
| CVE-2016-4454 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 3.6 LOW | 6.0 MEDIUM |
| The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. | |||||
| CVE-2016-4453 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 4.9 MEDIUM | 4.4 MEDIUM |
| The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. | |||||
| CVE-2017-5946 | 2 Debian, Rubyzip Project | 2 Debian Linux, Rubyzip | 2020-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. | |||||
| CVE-2014-8104 | 5 Canonical, Debian, Mageia and 2 more | 6 Ubuntu Linux, Debian Linux, Mageia and 3 more | 2020-05-12 | 6.8 MEDIUM | N/A |
| OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | |||||
| CVE-2018-0618 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2020-05-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-1116 | 3 Canonical, Debian, Polkit Project | 3 Ubuntu Linux, Debian Linux, Polkit | 2020-05-05 | 3.6 LOW | 4.4 MEDIUM |
| A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure. | |||||