Vulnerabilities > Debian > Debian Linux > High

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2018-04-04 | CVE-2018-9261 | Excessive Iteration vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. | wireshark debian CWE-834 | 7.5 (network, low complexity) |
| 2018-04-04 | CVE-2018-9260 | Improper Input Validation vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. | wireshark debian CWE-20 | 7.5 (network, low complexity) |
| 2018-04-04 | CVE-2018-9259 | Improper Input Validation vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. | wireshark debian CWE-20 | 7.5 (network, low complexity) |
| 2018-04-04 | CVE-2018-9258 | Improper Input Validation vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. | wireshark debian CWE-20 | 7.5 (network, low complexity) |
| 2018-04-04 | CVE-2018-9256 | Improper Input Validation vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. | wireshark debian CWE-20 | 7.5 (network, low complexity) |
| 2018-04-03 | CVE-2018-9240 | NULL Pointer Dereference vulnerability in multiple products | ncmpc through 0.29 is prone to a NULL pointer dereference flaw. | ncmpc-project debian canonical CWE-476 | 7.5 (network, low complexity) |
| 2018-04-03 | CVE-2018-8779 | Improper Input Validation vulnerability in multiple products | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. | ruby-lang canonical debian CWE-20 | 7.5 (network, low complexity) |
| 2018-04-03 | CVE-2018-8778 | Use of Externally-Controlled Format String vulnerability in multiple products | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | ruby-lang canonical debian redhat CWE-134 | 7.5 (network, low complexity) |
| 2018-04-03 | CVE-2018-8777 | Resource Exhaustion vulnerability in multiple products | In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | ruby-lang debian canonical redhat CWE-400 | 7.5 (network, low complexity) |
| 2018-04-03 | CVE-2018-6914 | Path Traversal vulnerability in multiple products | Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. | ruby-lang canonical debian redhat CWE-22 | 7.5 (network, low complexity) |