Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000077 Improper Input Validation vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL.
network
low complexity
rubygems debian CWE-20
5.3
5.3
2018-03-13 CVE-2018-1000069 XXE vulnerability in multiple products
FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine.
local
low complexity
freeplane debian CWE-611
5.5
5.5
2018-03-13 CVE-2018-8087 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
local
low complexity
linux debian canonical CWE-772
5.5
5.5
2018-03-09 CVE-2018-7537 Incorrect Regular Expression vulnerability in multiple products
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19.
network
low complexity
canonical djangoproject debian CWE-185
5.3
5.3
2018-03-09 CVE-2018-7536 Incorrect Regular Expression vulnerability in multiple products
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19.
network
low complexity
canonical djangoproject debian redhat CWE-185
5.3
5.3
2018-03-09 CVE-2016-9591 Use After Free vulnerability in multiple products
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
local
low complexity
jasper-project redhat debian CWE-416
5.5
5.5
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7
4.7
2018-03-09 CVE-2018-1071 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function.
local
low complexity
zsh debian canonical redhat
5.5
5.5
2018-03-08 CVE-2018-7877 Out-of-bounds Write vulnerability in multiple products
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data.
network
low complexity
libming debian CWE-787
6.5
6.5
2018-03-08 CVE-2018-7876 Resource Exhaustion vulnerability in multiple products
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
network
low complexity
libming debian CWE-400
6.5
6.5