Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-18	CVE-2018-2599	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). network high complexity oracle redhat debian canonical schneider-electric hp	4.8
2018-01-18	CVE-2018-2588	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). network low complexity oracle redhat debian canonical schneider-electric hp	4.3
2018-01-18	CVE-2018-2582	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). network low complexity oracle redhat debian canonical schneider-electric hp	6.5
2018-01-18	CVE-2018-2579	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). network high complexity oracle redhat debian canonical schneider-electric hp	3.7
2018-01-18	CVE-2018-2562	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). network low complexity oracle mariadb debian canonical netapp redhat	7.5
2018-01-17	CVE-2018-5764	The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. network low complexity samba debian canonical	7.5
2018-01-17	CVE-2018-5747	Use After Free vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). local low complexity long-range-zip-project debian CWE-416	5.5
2018-01-16	CVE-2018-5712	Cross-site Scripting vulnerability in PHP An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. network php debian canonical CWE-79	4.3
2018-01-16	CVE-2018-5711	Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. local low complexity php debian canonical CWE-835	5.5
2018-01-16	CVE-2018-5704	Use of Externally-Controlled Format String vulnerability in multiple products Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. network debian openocd CWE-134 critical	9.3