Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
| 2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.3 |
| 2018-01-19 | CVE-2018-5786 | Infinite Loop vulnerability in multiple products In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). | 5.5 |
| 2018-01-19 | CVE-2018-5785 | Integer Overflow or Wraparound vulnerability in multiple products In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). | 6.5 |
| 2018-01-19 | CVE-2018-5784 | Resource Exhaustion vulnerability in multiple products In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. | 6.5 |
| 2018-01-18 | CVE-2017-12197 | Improper Input Validation vulnerability in multiple products It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. | 6.5 |
| 2018-01-18 | CVE-2018-2678 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.3 |
| 2018-01-18 | CVE-2018-2677 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). | 4.3 |
| 2018-01-18 | CVE-2018-2668 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |
| 2018-01-18 | CVE-2018-2665 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). | 6.5 |