Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-27 | CVE-2017-17843 | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. | Debian_linux, Enigmail | 5.9 | ||
| 2017-12-27 | CVE-2017-17844 | An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. | Debian_linux, Enigmail | 6.5 | ||
| 2017-12-27 | CVE-2017-17845 | An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. | Debian_linux, Enigmail | 7.3 | ||
| 2017-12-27 | CVE-2017-17846 | An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. | Debian_linux, Enigmail | 7.5 | ||
| 2017-12-27 | CVE-2017-17847 | An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format. | Debian_linux, Enigmail | 7.5 | ||
| 2017-12-27 | CVE-2017-17935 | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | Debian_linux, Wireshark | 7.5 | ||
| 2017-12-30 | CVE-2017-17997 | In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | Debian_linux, Wireshark | 7.5 | ||
| 2018-01-11 | CVE-2018-5334 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. | Debian_linux, Wireshark | 6.5 | ||
| 2018-01-11 | CVE-2018-5335 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | Debian_linux, Wireshark | 6.5 | ||
| 2018-01-11 | CVE-2018-5336 | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | Debian_linux, Wireshark | 7.5 |