Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-15	CVE-2017-5934	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network moinmo canonical debian opensuse CWE-79	4.3
2018-10-15	CVE-2018-15378	Out-of-bounds Read vulnerability in multiple products A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. network clamav debian canonical CWE-125	4.3
2018-10-15	CVE-2018-18073	Information Exposure vulnerability in multiple products Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. local low complexity artifex debian canonical redhat CWE-200	6.3
2018-10-15	CVE-2018-17961	Information Exposure Through an Error Message vulnerability in multiple products Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. local low complexity artifex debian canonical redhat CWE-209	8.6
2018-10-15	CVE-2018-18310	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. network elfutils-project debian redhat opensuse canonical CWE-119	4.3
2018-10-12	CVE-2018-18227	NULL Pointer Dereference vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. network low complexity wireshark debian CWE-476	7.5
2018-10-12	CVE-2018-18226	Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. network low complexity wireshark debian CWE-772	7.5
2018-10-12	CVE-2018-18225	Incorrect Calculation vulnerability in multiple products In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. network low complexity wireshark debian opensuse CWE-682	7.5
2018-10-10	CVE-2018-16758	Missing Authentication for Critical Function vulnerability in multiple products Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. network high complexity tinc-vpn debian starwindsoftware CWE-306	5.9
2018-10-10	CVE-2018-16738	Improper Authentication vulnerability in multiple products tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. network high complexity tinc-vpn debian starwindsoftware CWE-287	3.7