Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-16 | CVE-2018-10101 | Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | Debian_linux, Wordpress | 6.1 | ||
| 2018-04-16 | CVE-2018-10100 | Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | Debian_linux, Wordpress | 6.1 | ||
| 2018-04-13 | CVE-2018-10087 | The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | Ubuntu_linux, Debian_linux, Linux_kernel | 5.5 | ||
| 2018-09-06 | CVE-2018-1000801 | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | Debian_linux, Okular | 5.5 | ||
| 2018-08-20 | CVE-2018-1000637 | zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. | Debian_linux, Zutils | 7.8 | ||
| 2018-06-26 | CVE-2018-1000528 | GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001. | Debian_linux, Gosa | 6.1 | ||
| 2018-03-13 | CVE-2018-1000098 | Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. | Debian_linux, Pjsip | 7.5 | ||
| 2018-03-13 | CVE-2018-1000097 | Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file.. | Ubuntu_linux, Debian_linux, Sharutils | 7.8 | ||
| 2018-03-13 | CVE-2018-1000085 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. | Ubuntu_linux, Clamav, Debian_linux | 5.5 | ||
| 2018-03-13 | CVE-2018-1000069 | FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. | Debian_linux, Freeplane | 5.5 |