Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-06 | CVE-2018-5206 | NULL Pointer Dereference vulnerability in multiple products When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | 9.8 |
| 2018-01-06 | CVE-2018-5205 | Use of Externally-Controlled Format String vulnerability in multiple products When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 7.5 |
| 2018-01-05 | CVE-2018-5251 | Incorrect Conversion between Numeric Types vulnerability in multiple products In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). | 6.5 |
| 2018-01-05 | CVE-2018-5248 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | 8.8 |
| 2018-01-04 | CVE-2017-1665 | Inadequate Encryption Strength vulnerability in multiple products IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2018-01-04 | CVE-2017-5715 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2018-01-03 | CVE-2017-1000487 | OS Command Injection vulnerability in multiple products Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 9.8 |
| 2018-01-03 | CVE-2017-1000472 | Path Traversal vulnerability in multiple products The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | 6.5 |
| 2018-01-03 | CVE-2017-1000476 | Resource Exhaustion vulnerability in multiple products ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | 6.5 |