Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-16 CVE-2018-17082 Cross-site Scripting vulnerability in multiple products
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
network
low complexity
php debian netapp CWE-79
6.1
6.1
2018-09-13 CVE-2018-17000 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file.
network
low complexity
libtiff debian canonical CWE-476
6.5
6.5
2018-09-11 CVE-2016-7074 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9
5.9
2018-09-11 CVE-2016-7073 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9
5.9
2018-09-10 CVE-2016-7056 A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical
5.5
5.5
2018-09-09 CVE-2018-16749 NULL Pointer Dereference vulnerability in multiple products
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
network
low complexity
imagemagick canonical debian CWE-476
6.5
6.5
2018-09-07 CVE-2018-16658 Information Exposure vulnerability in multiple products
An issue was discovered in the Linux kernel before 4.18.6.
local
low complexity
linux canonical debian CWE-200
6.1
6.1
2018-09-06 CVE-2018-16646 Infinite Loop vulnerability in multiple products
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file.
network
low complexity
freedesktop debian canonical CWE-835
6.5
6.5
2018-09-06 CVE-2018-16645 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
network
low complexity
imagemagick debian canonical CWE-770
6.5
6.5
2018-09-06 CVE-2018-16644 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
network
low complexity
imagemagick debian canonical CWE-119
6.5
6.5