Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-13 CVE-2018-0487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
network
low complexity
arm debian CWE-119
critical
 9.8
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
 9.8
9.8
2018-02-08 CVE-2018-6789 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-120
critical
 9.8
9.8
2018-02-06 CVE-2017-7525 Incomplete Blacklist vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle CWE-184
critical
 9.8
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
 9.8
9.8
2018-02-03 CVE-2018-6596 Information Exposure vulnerability in multiple products
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
network
low complexity
django-anymail-project debian CWE-200
critical
 9.1
9.1
2018-02-02 CVE-2018-6521 The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters.
network
low complexity
simplesamlphp debian
critical
 9.8
9.8
2018-01-29 CVE-2016-10711 HTTP Request Smuggling vulnerability in multiple products
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
network
low complexity
debian apsis CWE-444
critical
 9.8
9.8
2018-01-26 CVE-2017-12379 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-119
critical
 9.8
9.8
2018-01-26 CVE-2017-12377 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-125
critical
 9.8
9.8