Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-11 | CVE-2018-10001 | Out-of-bounds Read vulnerability in multiple products The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | 6.5 |
2018-04-10 | CVE-2018-3839 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 8.8 |
2018-04-10 | CVE-2018-3838 | Out-of-bounds Read vulnerability in multiple products An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 6.5 |
2018-04-10 | CVE-2018-3837 | Out-of-bounds Read vulnerability in multiple products An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 5.5 |
2018-04-10 | CVE-2018-9989 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | 5.0 |
2018-04-10 | CVE-2018-9988 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | 5.0 |
2018-04-09 | CVE-2017-2826 | Information Exposure vulnerability in multiple products An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. | 4.3 |
2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | 7.5 |
2018-04-07 | CVE-2018-9846 | Improper Input Validation vulnerability in multiple products In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. | 8.8 |
2018-04-06 | CVE-2018-1270 | Code Injection vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |