Vulnerabilities > Debian > Debian Linux > 7.0

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-27 CVE-2018-1056 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files.
6.8
2018-07-27 CVE-2017-2624 Information Exposure vulnerability in multiple products
It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies.
1.9
2018-07-19 CVE-2018-7602 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x.
network
low complexity
drupal debian
critical
9.8
2018-07-16 CVE-2014-2079 Permissions, Privileges, and Access Controls vulnerability in multiple products
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
local
low complexity
x-file-explorer-project debian CWE-264
2.1
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.1
2018-06-12 CVE-2018-5803 Improper Input Validation vulnerability in Linux Kernel
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
local
low complexity
linux debian redhat CWE-20
4.9
2018-06-11 CVE-2018-5185 Missing Encryption of Sensitive Data vulnerability in multiple products
Plaintext of decrypted emails can leak through by user submitting an embedded form.
4.3
2018-06-11 CVE-2018-5184 Inadequate Encryption Strength vulnerability in multiple products
Using remote content in encrypted messages can lead to the disclosure of plaintext.
network
low complexity
debian mozilla canonical redhat CWE-326
5.0