Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-31 CVE-2017-15698 Improper Certificate Validation vulnerability in multiple products
When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes.
network
high complexity
apache debian CWE-295
5.9
2018-01-30 CVE-2011-2902 Improper Input Validation vulnerability in multiple products
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.
network
low complexity
glyphandcog debian CWE-20
5.3
2018-01-29 CVE-2018-6392 Out-of-bounds Read vulnerability in multiple products
The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file.
network
low complexity
ffmpeg debian CWE-125
6.5
2018-01-26 CVE-2017-12378 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
local
low complexity
debian clamav CWE-125
5.5
2018-01-26 CVE-2018-5750 Information Exposure vulnerability in multiple products
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
local
low complexity
linux debian canonical redhat CWE-200
5.5
2018-01-24 CVE-2018-6192 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.
local
low complexity
artifex debian CWE-119
5.5
2018-01-24 CVE-2018-6187 Out-of-bounds Write vulnerability in multiple products
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file.
local
low complexity
artifex debian CWE-787
5.5
2018-01-23 CVE-2018-5683 Out-of-bounds Read vulnerability in multiple products
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
local
low complexity
qemu debian redhat canonical CWE-125
6.0
2018-01-23 CVE-2017-18030 Out-of-bounds Read vulnerability in multiple products
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
local
low complexity
qemu debian CWE-125
4.4
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1