Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVSS Score
5.5
EPSS Score
0.011
Published
2018-07-16
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVSS Score
3.3
EPSS Score
0.006
Published
2018-07-16
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-07-16
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-07-13
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CVSS Score
6.1
EPSS Score
0.016
Published
2018-07-13
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
CVSS Score
4.7
EPSS Score
0.001
Published
2018-07-10
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
CVSS Score
8.1
EPSS Score
0.004
Published
2018-07-10
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-07-10
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-07-10
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-10