You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 22, 2022. It is now read-only.
CVE-2018-6485: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. https://security-tracker.debian.org/tracker/CVE-2018-6485
CVE-2019-9169: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. https://security-tracker.debian.org/tracker/CVE-2019-9169
CVE-2018-1000001: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. https://security-tracker.debian.org/tracker/CVE-2018-1000001
CVE-2017-12424: [High] Found in: shadow [1:4.4-4.1] Fixed By: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create sub-accounts. https://security-tracker.debian.org/tracker/CVE-2017-12424
CVE-2019-12900: [High] Found in: bzip2 [1.0.6-8.1] Fixed By: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. https://security-tracker.debian.org/tracker/CVE-2019-12900
CVE-2016-2779: [High] Found in: util-linux [2.29.2-1+deb9u1] Fixed By: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. https://security-tracker.debian.org/tracker/CVE-2016-2779
CVE-2018-15686: [Critical] Found in: systemd [232-25+deb9u9] Fixed By: 232-25+deb9u10 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. https://security-tracker.debian.org/tracker/CVE-2018-15686
The text was updated successfully, but these errors were encountered:
List of CVE's found:
CVE-2018-6485: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. https://security-tracker.debian.org/tracker/CVE-2018-6485
CVE-2019-9169: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. https://security-tracker.debian.org/tracker/CVE-2019-9169
CVE-2018-1000001: [High] Found in: glibc [2.24-11+deb9u4] Fixed By: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. https://security-tracker.debian.org/tracker/CVE-2018-1000001
CVE-2017-12424: [High] Found in: shadow [1:4.4-4.1] Fixed By: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create sub-accounts. https://security-tracker.debian.org/tracker/CVE-2017-12424
CVE-2019-12900: [High] Found in: bzip2 [1.0.6-8.1] Fixed By: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. https://security-tracker.debian.org/tracker/CVE-2019-12900
CVE-2016-2779: [High] Found in: util-linux [2.29.2-1+deb9u1] Fixed By: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. https://security-tracker.debian.org/tracker/CVE-2016-2779
CVE-2018-15686: [Critical] Found in: systemd [232-25+deb9u9] Fixed By: 232-25+deb9u10 A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. https://security-tracker.debian.org/tracker/CVE-2018-15686
The text was updated successfully, but these errors were encountered: