Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-17 CVE-2018-12029 Race Condition vulnerability in multiple products
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured.
local
high complexity
phusion debian CWE-362
7.0
7.0
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
8.2
2018-06-13 CVE-2018-11406 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
low complexity
sensiolabs debian CWE-352
8.8
8.8
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1
2018-06-13 CVE-2018-12265 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
8.8
2018-06-13 CVE-2018-12264 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
8.8
2018-06-12 CVE-2018-5848 Integer Overflow or Wraparound vulnerability in multiple products
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly.
local
low complexity
google redhat debian CWE-190
7.8
7.8
2018-06-12 CVE-2018-0496 Path Traversal vulnerability in multiple products
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
network
low complexity
dinknetwork debian CWE-22
7.5
7.5
2018-06-12 CVE-2018-5814 Race Condition vulnerability in multiple products
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
local
high complexity
linux debian canonical CWE-362
7.0
7.0
2018-06-12 CVE-2018-12249 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby debian CWE-476
7.5
7.5