Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-17 | CVE-2018-6913 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | 7.5 |
2018-04-17 | CVE-2018-6798 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Perl 5.22 through 5.26. | 5.0 |
2018-04-17 | CVE-2018-6797 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Perl 5.18 through 5.26. | 7.5 |
2018-04-16 | CVE-2018-10124 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | 2.1 |
2018-04-16 | CVE-2018-10120 | Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | 7.8 |
2018-04-16 | CVE-2018-10119 | Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | 7.8 |
2018-04-16 | CVE-2018-10102 | Cross-site Scripting vulnerability in Wordpress Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | 4.3 |
2018-04-16 | CVE-2018-10101 | Open Redirect vulnerability in Wordpress Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | 5.8 |
2018-04-16 | CVE-2018-10100 | Open Redirect vulnerability in Wordpress Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | 5.8 |
2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 7.5 |