Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-9132 | NULL Pointer Dereference vulnerability in multiple products libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. | 6.5 |
| 2018-03-29 | CVE-2018-7600 | Improper Input Validation vulnerability in multiple products Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 7.5 |
| 2018-03-28 | CVE-2018-1064 | Resource Exhaustion vulnerability in multiple products libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | 7.5 |
| 2018-03-28 | CVE-2017-11509 | SQL Injection vulnerability in multiple products An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement. | 9.0 |
| 2018-03-28 | CVE-2018-1083 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. | 7.8 |
| 2018-03-27 | CVE-2018-0739 | Uncontrolled Recursion vulnerability in multiple products Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. | 6.5 |
| 2018-03-27 | CVE-2018-8048 | Cross-site Scripting vulnerability in multiple products In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | 4.3 |
| 2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 6.8 |
| 2018-03-27 | CVE-2018-8763 | Cross-site Scripting vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | 4.3 |
| 2018-03-27 | CVE-2018-0202 | Out-of-bounds Read vulnerability in multiple products clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 4.3 |