Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-29 | CVE-2018-10536 | An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks. | Debian_linux, Wavpack | 7.8 | ||
| 2018-04-29 | CVE-2018-10537 | An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks. | Debian_linux, Wavpack | 7.8 | ||
| 2018-04-29 | CVE-2018-10538 | An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | Debian_linux, Wavpack | 5.5 | ||
| 2018-04-29 | CVE-2018-10539 | An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | Debian_linux, Wavpack | 5.5 | ||
| 2018-04-29 | CVE-2018-10540 | An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation. | Debian_linux, Wavpack | 5.5 | ||
| 2018-05-01 | CVE-2018-10583 | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. | Openoffice, Ubuntu_linux, Debian_linux, Libreoffice, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2018-05-05 | CVE-2018-10753 | Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Debian_linux, Fedora, Abcm2ps | 9.8 | ||
| 2018-05-07 | CVE-2018-10771 | Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | Debian_linux, Fedora, Abcm2ps | 9.8 | ||
| 2018-05-21 | CVE-2018-8012 | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader. | Zookeeper, Debian_linux, Goldengate_stream_analytics | 7.5 | ||
| 2018-05-22 | CVE-2018-11356 | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | Debian_linux, Wireshark | 7.5 |