Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-29 CVE-2018-10547 Cross-site Scripting vulnerability in multiple products
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-79
6.1
6.1
2018-04-29 CVE-2018-10545 Information Exposure vulnerability in multiple products
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4.
local
high complexity
php canonical debian netapp CWE-200
4.7
4.7
2018-04-29 CVE-2018-10540 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-29 CVE-2018-10539 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-29 CVE-2018-10538 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for WAV input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-27 CVE-2018-10472 Information Exposure vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
local
high complexity
xen debian CWE-200
5.6
5.6
2018-04-27 CVE-2018-10471 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
local
low complexity
xen debian CWE-787
6.5
6.5
2018-04-25 CVE-2017-6888 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
local
low complexity
flac-project debian fedoraproject CWE-772
5.5
5.5
2018-04-24 CVE-2017-2839 An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11.
network
high complexity
freerdp debian
5.9
5.9
2018-04-24 CVE-2017-2838 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11.
network
high complexity
freerdp debian CWE-190
5.9
5.9