Vulnerabilities > Debian > Debian Linux > 10.0

DATE CVE VULNERABILITY TITLE RISK
2018-05-26 CVE-2018-11490 Improper Validation of Array Index vulnerability in multiple products
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked.
8.8
2018-03-25 CVE-2018-8976 Out-of-bounds Read vulnerability in multiple products
In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file.
network
low complexity
exiv2 debian redhat CWE-125
6.5
2018-01-19 CVE-2018-5786 Infinite Loop vulnerability in multiple products
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c).
local
low complexity
long-range-zip-project debian CWE-835
5.5
2017-12-31 CVE-2017-18005 NULL Pointer Dereference vulnerability in multiple products
Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.
local
low complexity
exiv2 debian CWE-476
5.5
2017-12-14 CVE-2017-17527 Injection vulnerability in multiple products
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
pasdoc-project debian CWE-74
8.8
2017-12-14 CVE-2017-17515 Injection vulnerability in multiple products
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
ecmwf debian CWE-74
8.8
2017-12-14 CVE-2017-17514 Injection vulnerability in multiple products
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
nip2-project debian CWE-74
8.8
2017-12-13 CVE-2017-17669 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-125
5.5
2017-11-20 CVE-2017-2896 Out-of-bounds Write vulnerability in multiple products
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4.
local
low complexity
libxls-project debian CWE-787
7.8
2017-10-27 CVE-2017-5121 Improper Input Validation vulnerability in multiple products
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
network
low complexity
google debian redhat CWE-20
8.8