Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-28 | CVE-2018-6360 | Improper Input Validation vulnerability in multiple products mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. | 8.8 |
| 2018-01-27 | CVE-2018-6359 | Use After Free vulnerability in multiple products The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 8.8 |
| 2018-01-27 | CVE-2018-6358 | Out-of-bounds Write vulnerability in multiple products The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file. | 8.8 |
| 2018-01-26 | CVE-2017-12380 | NULL Pointer Dereference vulnerability in multiple products ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2018-01-26 | CVE-2017-12376 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. | 7.8 |
| 2018-01-26 | CVE-2017-12375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2018-01-26 | CVE-2017-12374 | Use After Free vulnerability in multiple products The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2018-01-26 | CVE-2017-18076 | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 7.5 |
| 2018-01-25 | CVE-2018-6315 | Integer Overflow or Wraparound vulnerability in multiple products The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | 8.8 |
| 2018-01-25 | CVE-2017-15132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. | 7.5 |