Filtered by vendor Debian Subscriptions
Total 9303 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-5407 7 Canonical, Debian, Nodejs and 4 more 23 Ubuntu Linux, Debian Linux, Node.js and 20 more 2024-11-21 4.7 Medium
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-5391 7 Canonical, Debian, F5 and 4 more 80 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 77 more 2024-11-21 7.5 High
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVE-2018-5390 8 A10networks, Canonical, Cisco and 5 more 47 Advanced Core Operating System, Ubuntu Linux, Collaboration Meeting Rooms and 44 more 2024-11-21 7.5 High
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-5388 3 Canonical, Debian, Strongswan 3 Ubuntu Linux, Debian Linux, Strongswan 2024-11-21 N/A
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
CVE-2018-5381 4 Canonical, Debian, Quagga and 1 more 5 Ubuntu Linux, Debian Linux, Quagga and 2 more 2024-11-21 N/A
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service.
CVE-2018-5380 4 Canonical, Debian, Quagga and 1 more 5 Ubuntu Linux, Debian Linux, Quagga and 2 more 2024-11-21 N/A
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
CVE-2018-5379 5 Canonical, Debian, Quagga and 2 more 11 Ubuntu Linux, Debian Linux, Quagga and 8 more 2024-11-21 N/A
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
CVE-2018-5378 3 Canonical, Debian, Quagga 3 Ubuntu Linux, Debian Linux, Quagga 2024-11-21 N/A
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
CVE-2018-5345 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 N/A
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
CVE-2018-5336 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
CVE-2018-5335 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.
CVE-2018-5334 2 Debian, Wireshark 2 Debian Linux, Wireshark 2024-11-21 N/A
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
CVE-2018-5333 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2024-11-21 N/A
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVE-2018-5332 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2024-11-21 7.8 High
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
CVE-2018-5294 2 Debian, Libming 2 Debian Linux, Libming 2024-11-21 N/A
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
CVE-2018-5269 2 Debian, Opencv 2 Debian Linux, Opencv 2024-11-21 5.5 Medium
In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast.
CVE-2018-5268 2 Debian, Opencv 2 Debian Linux, Opencv 2024-11-21 5.5 Medium
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
CVE-2018-5251 2 Debian, Libming 2 Debian Linux, Libming 2024-11-21 N/A
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
CVE-2018-5248 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2024-11-21 N/A
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
CVE-2018-5208 2 Debian, Irssi 2 Debian Linux, Irssi 2024-11-21 N/A
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.