Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-06 | CVE-2018-7730 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exempi through 2.4.4. | 5.5 |
| 2018-03-06 | CVE-2018-7728 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Exempi through 2.4.4. | 5.5 |
| 2018-03-05 | CVE-2017-18219 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GraphicsMagick 1.3.26. | 6.5 |
| 2018-03-02 | CVE-2017-15130 | A denial of service flaw was found in dovecot before 2.2.34. | 5.9 |
| 2018-03-02 | CVE-2018-1066 | NULL Pointer Dereference vulnerability in multiple products The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. | 6.5 |
| 2018-03-01 | CVE-2017-6932 | Open Redirect vulnerability in multiple products Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. | 4.7 |
| 2018-03-01 | CVE-2017-6929 | Cross-site Scripting vulnerability in multiple products A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. | 6.1 |
| 2018-03-01 | CVE-2017-6928 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. | 5.3 |
| 2018-03-01 | CVE-2017-6927 | Cross-site Scripting vulnerability in multiple products Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). | 6.1 |
| 2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |