Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-12 CVE-2018-18225 Incorrect Calculation vulnerability in multiple products
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash.
network
low complexity
wireshark debian opensuse CWE-682
7.5
7.5
2018-10-09 CVE-2018-17962 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu suse debian canonical redhat oracle CWE-190
7.5
7.5
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
7.5
7.5
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
8.8
2018-10-07 CVE-2018-18021 Improper Input Validation vulnerability in multiple products
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl.
local
low complexity
linux debian canonical CWE-20
7.1
7.1
2018-10-03 CVE-2018-17540 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-119
7.5
7.5
2018-10-01 CVE-2015-9268 Improper Input Validation vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll.
local
low complexity
nullsoft debian CWE-20
7.8
7.8
2018-09-28 CVE-2018-14648 Resource Exhaustion vulnerability in multiple products
A flaw was found in 389 Directory Server.
network
low complexity
fedoraproject redhat debian CWE-400
7.5
7.5
2018-09-26 CVE-2018-16152 Improper Verification of Cryptographic Signature vulnerability in multiple products
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification.
network
low complexity
strongswan debian canonical CWE-347
7.5
7.5
2018-09-26 CVE-2018-16151 Improper Verification of Cryptographic Signature vulnerability in multiple products
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification.
network
low complexity
strongswan debian canonical CWE-347
7.5
7.5