Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-10191 Integer Overflow or Wraparound vulnerability in multiple products
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free.
network
low complexity
mruby debian CWE-190
critical
 9.8
9.8
2018-04-17 CVE-2018-6913 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
network
low complexity
debian perl canonical CWE-787
critical
 9.8
9.8
2018-04-17 CVE-2018-6797 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Perl 5.18 through 5.26.
network
low complexity
debian perl canonical redhat CWE-787
critical
 9.8
9.8
2018-04-13 CVE-2017-0372 Injection vulnerability in multiple products
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
network
low complexity
mediawiki debian CWE-74
critical
 9.8
9.8
2018-04-13 CVE-2017-0359 diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
network
low complexity
reproducible-builds debian
critical
 9.8
9.8
2018-04-13 CVE-2017-0357 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.
network
low complexity
iucode-tool-project debian CWE-119
critical
 9.8
9.8
2018-04-13 CVE-2017-0356 Improper Authentication vulnerability in multiple products
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
network
low complexity
ikiwiki debian CWE-287
critical
 9.8
9.8
2018-04-06 CVE-2018-1270 Code Injection vulnerability in multiple products
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian CWE-94
critical
 9.8
9.8
2018-04-03 CVE-2018-8780 Path Traversal vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters.
network
low complexity
ruby-lang canonical debian CWE-22
critical
 9.1
9.1
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
critical
 9.8
9.8