Vulnerabilities > Debian > Debian Linux > 9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-02 | CVE-2018-14718 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | 9.8 |
2019-01-02 | CVE-2019-3500 | Information Exposure Through Log Files vulnerability in multiple products aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | 7.8 |
2019-01-01 | CVE-2018-20650 | Improper Input Validation vulnerability in multiple products A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | 6.5 |
2018-12-28 | CVE-2018-1000888 | Deserialization of Untrusted Data vulnerability in multiple products PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. | 6.8 |
2018-12-26 | CVE-2018-20217 | Reachable Assertion vulnerability in multiple products A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. | 5.3 |
2018-12-26 | CVE-2018-19873 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Qt before 5.11.3. | 7.5 |
2018-12-26 | CVE-2018-19870 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Qt before 5.11.3. | 6.8 |
2018-12-26 | CVE-2018-15518 | Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | 6.8 |
2018-12-26 | CVE-2018-20482 | Infinite Loop vulnerability in multiple products GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | 1.9 |
2018-12-26 | CVE-2018-20467 | Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. | 4.3 |