Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-18 CVE-2018-12359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries.
network
low complexity
redhat debian canonical mozilla CWE-119
8.8
8.8
2018-10-17 CVE-2018-3169 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
network
high complexity
oracle redhat debian canonical hp
8.3
8.3
2018-10-17 CVE-2018-3149 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI).
network
high complexity
oracle redhat debian canonical hp
8.3
8.3
2018-10-15 CVE-2018-17961 Information Exposure Through an Error Message vulnerability in multiple products
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup.
local
low complexity
artifex debian canonical redhat CWE-209
8.6
8.6
2018-10-12 CVE-2018-18227 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash.
network
low complexity
wireshark debian CWE-476
7.5
7.5
2018-10-12 CVE-2018-18226 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory.
network
low complexity
wireshark debian CWE-772
7.5
7.5
2018-10-12 CVE-2018-18225 Incorrect Calculation vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash.
network
low complexity
wireshark debian opensuse CWE-682
7.5
7.5
2018-10-09 CVE-2018-17962 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu suse debian canonical redhat oracle CWE-190
7.5
7.5
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
7.5
7.5
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
8.8