Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
CVSS Score
9.8
EPSS Score
0.025
Published
2018-07-17
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
CVSS Score
9.8
EPSS Score
0.037
Published
2018-07-17
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
CVSS Score
8.8
EPSS Score
0.021
Published
2018-07-17
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
CVSS Score
6.5
EPSS Score
0.017
Published
2018-07-17
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVSS Score
7.5
EPSS Score
0.014
Published
2018-07-17
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
CVSS Score
5.9
EPSS Score
0.015
Published
2018-07-16
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
CVSS Score
9.8
EPSS Score
0.246
Published
2018-07-16
git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key. This attack could be used to expose encrypted data that was never stored in git-annex
CVSS Score
5.9
EPSS Score
0.014
Published
2018-07-16
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVSS Score
5.5
EPSS Score
0.017
Published
2018-07-16
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVSS Score
3.3
EPSS Score
0.016
Published
2018-07-16


Contact Us

Shodan ® - All rights reserved