Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-3081 Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs).
network
high complexity
oracle netapp canonical debian mariadb redhat
5.0
5.0
2018-07-18 CVE-2018-3070 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump).
network
low complexity
oracle netapp canonical debian
6.5
6.5
2018-07-18 CVE-2018-3063 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges).
network
low complexity
oracle debian netapp canonical mariadb
4.9
4.9
2018-07-18 CVE-2018-3058 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM).
network
low complexity
oracle netapp canonical debian mariadb redhat
4.3
4.3
2018-07-17 CVE-2018-14355 Path Traversal vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
debian mutt neomutt canonical CWE-22
5.3
5.3
2018-07-17 CVE-2018-14347 Infinite Loop vulnerability in multiple products
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
network
low complexity
debian gnu CWE-835
6.5
6.5
2018-07-16 CVE-2018-0360 Integer Overflow or Wraparound vulnerability in multiple products
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file.
local
low complexity
clamav canonical debian CWE-190
5.5
5.5
2018-07-16 CVE-2014-2079 Permissions, Privileges, and Access Controls vulnerability in multiple products
X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
local
low complexity
x-file-explorer-project debian CWE-264
5.5
5.5
2018-07-15 CVE-2018-14056 Path Traversal vulnerability in multiple products
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
network
low complexity
znc debian CWE-22
5.3
5.3
2018-07-15 CVE-2018-14055 Improper Input Validation vulnerability in multiple products
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
network
low complexity
znc debian CWE-20
6.5
6.5