Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-08 CVE-2018-1000168 NULL Pointer Dereference vulnerability in multiple products
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service.
network
low complexity
nghttp2 nodejs debian CWE-476
7.5
7.5
2018-05-08 CVE-2018-10380 Link Following vulnerability in multiple products
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
local
low complexity
kde debian opensuse CWE-59
7.8
7.8
2018-05-01 CVE-2018-10583 Information Exposure vulnerability in multiple products
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.
network
low complexity
libreoffice apache debian redhat canonical CWE-200
7.5
7.5
2018-04-29 CVE-2018-10549 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-125
8.8
8.8
2018-04-29 CVE-2018-10548 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-476
7.5
7.5
2018-04-29 CVE-2018-10546 Infinite Loop vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-835
7.5
7.5
2018-04-29 CVE-2018-10537 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier.
local
low complexity
wavpack debian CWE-119
7.8
7.8
2018-04-29 CVE-2018-10536 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier.
local
low complexity
wavpack debian CWE-787
7.8
7.8
2018-04-26 CVE-2016-9602 Link Following vulnerability in multiple products
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS.
network
low complexity
qemu debian CWE-59
8.8
8.8
2018-04-26 CVE-2018-10393 Out-of-bounds Read vulnerability in multiple products
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
network
low complexity
xiph-org debian redhat CWE-125
7.5
7.5