Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-10 CVE-2018-10958 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.
network
low complexity
exiv2 debian canonical CWE-119
6.5
6.5
2018-05-09 CVE-2018-10940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
local
low complexity
linux debian CWE-119
5.5
5.5
2018-05-06 CVE-2018-10768 NULL Pointer Dereference vulnerability in multiple products
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5.
network
low complexity
freedesktop canonical debian redhat CWE-476
6.5
6.5
2018-05-06 CVE-2018-0494 Improper Input Validation vulnerability in multiple products
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
network
low complexity
gnu canonical debian redhat CWE-20
6.5
6.5
2018-04-29 CVE-2018-10547 Cross-site Scripting vulnerability in multiple products
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-79
6.1
6.1
2018-04-29 CVE-2018-10545 Information Exposure vulnerability in multiple products
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4.
local
high complexity
php canonical debian netapp CWE-200
4.7
4.7
2018-04-29 CVE-2018-10540 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for W64 input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-29 CVE-2018-10539 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-29 CVE-2018-10538 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier for WAV input.
local
low complexity
wavpack debian CWE-787
5.5
5.5
2018-04-27 CVE-2018-10472 Information Exposure vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
local
high complexity
xen debian CWE-200
5.6
5.6