Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-07 | CVE-2018-19058 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-11-07 | CVE-2018-16845 | Resource Exhaustion vulnerability in multiple products nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. | 5.8 |
| 2018-11-07 | CVE-2018-19052 | Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. | 5.0 |
| 2018-11-06 | CVE-2014-10077 | Improper Input Validation vulnerability in multiple products Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | 5.0 |
| 2018-11-05 | CVE-2018-18820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. | 6.8 |
| 2018-11-02 | CVE-2018-18897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-11-01 | CVE-2018-14660 | Resource Exhaustion vulnerability in multiple products A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. | 6.5 |
| 2018-11-01 | CVE-2016-2120 | Integer Overflow or Wraparound vulnerability in multiple products An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. | 4.0 |
| 2018-10-31 | CVE-2018-14661 | Improper Input Validation vulnerability in multiple products It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. | 6.5 |
| 2018-10-31 | CVE-2018-16842 | Out-of-bounds Read vulnerability in multiple products Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | 6.4 |