Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2018-14661 It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack.
network
low complexity
gluster debian redhat
6.5
6.5
2018-10-31 CVE-2018-14659 The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr.
network
low complexity
redhat debian
6.5
6.5
2018-10-31 CVE-2018-14654 The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator.
network
low complexity
redhat debian
6.5
6.5
2018-10-31 CVE-2018-14652 The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.
network
low complexity
redhat debian
6.5
6.5
2018-10-31 CVE-2018-18873 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in JasPer 2.0.14.
local
low complexity
jasper-project canonical debian suse CWE-476
5.5
5.5
2018-10-30 CVE-2018-16468 Cross-site Scripting vulnerability in multiple products
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
network
low complexity
loofah-project debian CWE-79
5.4
5.4
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
5.9
2018-10-29 CVE-2018-18710 Information Exposure vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.19.
local
low complexity
linux canonical debian CWE-200
5.5
5.5
2018-10-26 CVE-2018-18690 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
local
low complexity
linux canonical debian CWE-754
5.5
5.5