Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-24 | CVE-2017-2885 | Out-of-bounds Write vulnerability in multiple products An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. | 9.8 |
| 2018-04-23 | CVE-2017-17833 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | 9.8 |
| 2018-04-17 | CVE-2018-10191 | Integer Overflow or Wraparound vulnerability in multiple products In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. | 9.8 |
| 2018-04-17 | CVE-2018-6913 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count. | 9.8 |
| 2018-04-17 | CVE-2018-6797 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Perl 5.18 through 5.26. | 9.8 |
| 2018-04-13 | CVE-2017-0372 | Injection vulnerability in multiple products Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | 9.8 |
| 2018-04-13 | CVE-2017-0359 | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | 9.8 |
| 2018-04-13 | CVE-2017-0357 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. | 9.8 |
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 9.8 |
| 2018-04-06 | CVE-2018-1270 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |