CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian » Debian Linux » 9.0 * * * : Security Vulnerabilities (Memory Corruption)

Cpe Name:cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-28702 269 Mem. Corr. 2021-10-06 2021-12-16
4.6
None Local Low Not required Partial Partial Partial
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
2 CVE-2021-23978 Mem. Corr. 2021-02-26 2021-05-01
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
3 CVE-2021-20204 416 Exec Code Mem. Corr. 2021-05-06 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
4 CVE-2021-3407 415 Mem. Corr. 2021-02-23 2021-12-15
4.3
None Remote Medium Not required None None Partial
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
5 CVE-2020-27815 787 Mem. Corr. 2021-05-26 2021-12-10
6.1
None Local Low Not required Partial Partial Complete
A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
6 CVE-2020-25643 20 DoS Overflow Mem. Corr. 2020-10-06 2021-10-19
7.5
None Remote Medium ??? Partial Partial Complete
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7 CVE-2020-22036 787 Overflow Mem. Corr. 2021-06-01 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
8 CVE-2020-22032 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
9 CVE-2020-22031 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
10 CVE-2020-22025 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
11 CVE-2020-22023 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
12 CVE-2020-22022 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
13 CVE-2020-22016 787 Overflow Mem. Corr. 2021-05-27 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
14 CVE-2020-15683 Mem. Corr. 2020-10-22 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
15 CVE-2020-14392 119 Overflow Mem. Corr. 2020-09-16 2021-10-19
2.1
None Local Low Not required None None Partial
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
16 CVE-2020-14390 787 DoS Mem. Corr. 2020-09-18 2020-11-02
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
17 CVE-2020-14386 787 +Priv Mem. Corr. 2020-09-16 2021-12-10
7.2
None Local Low Not required Complete Complete Complete
A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.
18 CVE-2020-9498 119 Exec Code Overflow Mem. Corr. 2020-07-02 2021-07-21
6.2
None Local High Not required Complete Complete Complete
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.
19 CVE-2020-6831 120 Overflow Mem. Corr. 2020-05-26 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
20 CVE-2019-17024 120 Mem. Corr. 2020-01-08 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
21 CVE-2019-10126 787 Overflow Mem. Corr. 2019-06-14 2021-10-28
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.
22 CVE-2018-1000199 119 Exec Code Overflow Mem. Corr. 2018-05-24 2020-08-24
4.9
None Local Low Not required None None Complete
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
23 CVE-2018-20182 119 Exec Code Overflow Mem. Corr. 2019-03-15 2019-09-15
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
24 CVE-2018-20181 787 Exec Code Overflow Mem. Corr. 2019-03-15 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
25 CVE-2018-20180 191 Exec Code Overflow Mem. Corr. 2019-03-15 2019-09-15
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.
26 CVE-2018-18501 119 Overflow Mem. Corr. 2019-02-05 2019-04-02
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
27 CVE-2018-16841 415 DoS Mem. Corr. 2018-11-28 2019-10-09
4.0
None Remote Low ??? None None Partial
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
28 CVE-2018-16585 119 Overflow Mem. Corr. 2018-09-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193).
29 CVE-2018-12405 119 Overflow Mem. Corr. 2019-02-28 2019-03-12
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64.
30 CVE-2018-12390 119 Overflow Mem. Corr. 2019-02-28 2019-03-01
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
31 CVE-2018-12389 119 Overflow Mem. Corr. 2019-02-28 2019-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
32 CVE-2018-12376 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.
33 CVE-2018-11218 787 Overflow Mem. Corr. 2018-06-17 2021-08-04
7.5
None Remote Low Not required Partial Partial Partial
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
34 CVE-2018-8800 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
35 CVE-2018-8797 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
36 CVE-2018-8795 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
37 CVE-2018-8794 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
38 CVE-2018-8793 787 Exec Code Overflow Mem. Corr. 2019-02-05 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
39 CVE-2018-5996 119 DoS Exec Code Overflow Mem. Corr. 2018-01-31 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
40 CVE-2018-5188 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
41 CVE-2018-5187 119 Overflow Mem. Corr. 2018-10-18 2018-12-06
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61.
42 CVE-2018-5183 119 Overflow Mem. Corr. 2018-06-11 2019-03-13
7.5
None Remote Low Not required Partial Partial Partial
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
43 CVE-2018-5150 119 Overflow Mem. Corr. 2018-06-11 2019-03-13
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
44 CVE-2018-5145 119 Overflow Mem. Corr. 2018-06-11 2019-03-13
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
45 CVE-2018-5129 787 Mem. Corr. 2018-06-11 2019-03-08
5.0
None Remote Low Not required None Partial None
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
46 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
47 CVE-2018-5089 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
7.5
None Remote Low Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
48 CVE-2018-0493 416 Exec Code Mem. Corr. 2018-04-03 2018-05-21
6.5
None Remote Low ??? Partial Partial Partial
remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution.
49 CVE-2017-1000422 190 Exec Code Overflow Mem. Corr. 2018-01-02 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
50 CVE-2017-17857 119 DoS Overflow Mem. Corr. 2017-12-27 2018-01-09
7.2
None Local Low Not required Complete Complete Complete
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
Total number of vulnerabilities : 72   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.