Vulnerabilities > Debian > Debian Linux > 9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-25 | CVE-2019-6956 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 5.8 |
| 2019-01-25 | CVE-2018-20743 | Improper Input Validation vulnerability in multiple products murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | 5.0 |
| 2019-01-25 | CVE-2017-18359 | Improper Input Validation vulnerability in multiple products PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled. | 5.0 |
| 2019-01-24 | CVE-2019-6486 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. | 8.2 |
| 2019-01-22 | CVE-2019-6339 | Improper Input Validation vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. | 9.8 |
| 2019-01-22 | CVE-2017-6922 | Files or Directories Accessible to External Parties vulnerability in multiple products In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. | 6.5 |
| 2019-01-22 | CVE-2019-6338 | Deserialization of Untrusted Data vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; Drupal core uses the third-party PEAR Archive_Tar library. | 8.0 |
| 2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 5.0 |
| 2019-01-16 | CVE-2018-5733 | Integer Overflow or Wraparound vulnerability in multiple products A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. | 5.0 |
| 2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |