National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:debian:debian_linux:9.0
There are 570 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-10933

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

Published: October 17, 2018; 08:29:00 AM -04:00
V3: 9.1 CRITICAL
V2: 6.4 MEDIUM
CVE-2018-16741

An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.

Published: September 13, 2018; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.

Published: September 10, 2018; 12:29:00 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16645

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.

Published: September 06, 2018; 06:29:01 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16644

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.

Published: September 06, 2018; 06:29:01 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16642

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.

Published: September 06, 2018; 06:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-1000801

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1

Published: September 06, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16585

An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

Published: September 06, 2018; 10:29:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16543

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.

Published: September 05, 2018; 02:29:01 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16542

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

Published: September 05, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16541

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

Published: September 05, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

Published: September 05, 2018; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

Published: September 05, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

Published: September 05, 2018; 09:29:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

Published: September 05, 2018; 02:29:00 AM -04:00
V3: 7.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

Published: September 05, 2018; 02:29:00 AM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-6555

The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.

Published: September 04, 2018; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-6554

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

Published: September 04, 2018; 02:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2018-16435

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

Published: September 03, 2018; 08:29:02 PM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-16430

GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.

Published: September 03, 2018; 08:29:01 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM