Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-15 | CVE-2018-5702 | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack. | 8.8 |
| 2018-01-14 | CVE-2018-5686 | Infinite Loop vulnerability in multiple products In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. | 5.5 |
| 2018-01-14 | CVE-2018-5685 | Infinite Loop vulnerability in multiple products In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). | 6.5 |
| 2018-01-13 | CVE-2018-0486 | Improper Verification of Cryptographic Signature vulnerability in multiple products Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. | 6.5 |
| 2018-01-12 | CVE-2017-13194 | Improper Input Validation vulnerability in multiple products A vulnerability in the Android media framework (libvpx) related to odd frame width. | 7.5 |
| 2018-01-12 | CVE-2018-5345 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | 7.8 |
| 2018-01-11 | CVE-2018-5336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. | 7.5 |
| 2018-01-11 | CVE-2018-5335 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. | 6.5 |
| 2018-01-11 | CVE-2018-5334 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. | 6.5 |
| 2018-01-11 | CVE-2018-5333 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | 5.5 |