Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-26 | CVE-2018-20482 | Infinite Loop vulnerability in multiple products GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | 4.7 |
| 2018-12-26 | CVE-2018-20481 | NULL Pointer Dereference vulnerability in multiple products XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | 6.5 |
| 2018-12-26 | CVE-2018-20467 | Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. | 6.5 |
| 2018-12-24 | CVE-2018-20431 | NULL Pointer Dereference vulnerability in multiple products GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | 6.5 |
| 2018-12-24 | CVE-2018-20430 | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | 6.5 |
| 2018-12-22 | CVE-2018-20360 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 5.5 |
| 2018-12-18 | CVE-2018-19790 | Open Redirect vulnerability in multiple products An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. | 6.1 |
| 2018-12-18 | CVE-2018-19789 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. | 5.3 |
| 2018-12-18 | CVE-2018-20199 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. | 5.5 |
| 2018-12-17 | CVE-2018-20189 | Improper Input Validation vulnerability in multiple products In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. | 6.5 |