Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-04 | CVE-2018-9263 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9264 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9265 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9267 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9268 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9269 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9270 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-04 | CVE-2018-9273 | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. | Debian_linux, Wireshark | 7.5 | ||
| 2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. | Debian_linux, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Enterprise_manager_ops_center, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_rules_palette, Primavera_gateway, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_integration_bus, Retail_open_commerce_platform, Retail_order_broker, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Fuse, Spring_framework | 9.8 | ||
| 2018-04-07 | CVE-2018-9846 | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. | Debian_linux, Webmail | 8.8 |