Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
CVSS Score
3.8
EPSS Score
0.003
Published
2018-06-26
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVSS Score
5.6
EPSS Score
0.013
Published
2018-06-21
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVSS Score
7.5
EPSS Score
0.11
Published
2018-06-21
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
CVSS Score
3.7
EPSS Score
0.069
Published
2018-06-21
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-06-20
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-06-20
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-06-20
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVSS Score
2.8
EPSS Score
0.01
Published
2018-06-20
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVSS Score
7.5
EPSS Score
0.17
Published
2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVSS Score
6.5
EPSS Score
0.017
Published
2018-06-19