Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-19 | CVE-2018-2794 | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). | 7.7 |
| 2018-04-19 | CVE-2018-2755 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 7.7 |
| 2018-04-18 | CVE-2018-10194 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2018-04-18 | CVE-2018-1000164 | CRLF Injection vulnerability in multiple products gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. | 7.5 |
| 2018-04-18 | CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. | 8.1 |
| 2018-04-17 | CVE-2018-6798 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Perl 5.22 through 5.26. | 7.5 |
| 2018-04-16 | CVE-2018-10120 | Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | 7.8 |
| 2018-04-16 | CVE-2018-10119 | Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | 7.8 |
| 2018-04-13 | CVE-2017-0367 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | 8.8 |
| 2018-04-13 | CVE-2017-0362 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | 8.8 |