Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-10-09 | CVE-2018-17958 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | Ubuntu_linux, Debian_linux, Qemu, Virtualization, Virtualization_manager | N/A | ||
2018-08-16 | CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | Ubuntu_linux, Debian_linux, Libxml2 | 6.5 | ||
2018-07-19 | CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | Ubuntu_linux, Debian_linux, Libxml2 | 7.5 | ||
2017-05-02 | CVE-2017-8112 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | Debian_linux, Qemu | N/A | ||
2017-11-17 | CVE-2017-16845 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | Ubuntu_linux, Debian_linux, Qemu | N/A | ||
2016-04-08 | CVE-2016-2381 | Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | Ubuntu_linux, Debian_linux, Opensuse, Communications_billing_and_revenue_management, Configuration_manager, Database_server, Enterprise_manager_base_platform, Solaris, Timesten_in\-Memory_database, Perl | N/A | ||
2017-04-11 | CVE-2015-8568 | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. | Debian_linux, Qemu | N/A | ||
2018-07-19 | CVE-2018-14423 | Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | Debian_linux, Openjpeg | 7.5 | ||
2018-05-23 | CVE-2018-1125 | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. | Ubuntu_linux, Debian_linux, Leap, Procps\-Ng | N/A | ||
2018-05-23 | CVE-2018-1124 | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. | Ubuntu_linux, Debian_linux, Leap, Procps\-Ng, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Struxureware_data_center_expert | N/A |