Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-04 | CVE-2018-10913 | Information Exposure Through an Error Message vulnerability in multiple products An information disclosure vulnerability was discovered in glusterfs server. | 4.0 |
| 2018-09-04 | CVE-2018-10911 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. | 5.0 |
| 2018-09-04 | CVE-2018-10907 | Stack-based Buffer Overflow vulnerability in multiple products It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. | 6.5 |
| 2018-09-04 | CVE-2018-10904 | Untrusted Search Path vulnerability in multiple products It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. | 6.5 |
| 2018-09-04 | CVE-2018-16435 | Integer Overflow or Wraparound vulnerability in multiple products Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | 4.3 |
| 2018-09-04 | CVE-2018-16430 | Out-of-bounds Read vulnerability in multiple products GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c. | 6.8 |
| 2018-09-02 | CVE-2018-16336 | Out-of-bounds Read vulnerability in multiple products Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | 4.3 |
| 2018-09-02 | CVE-2018-16335 | Out-of-bounds Write vulnerability in multiple products newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | 6.8 |
| 2018-08-29 | CVE-2018-8040 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. | 5.3 |
| 2018-08-29 | CVE-2018-8005 | Resource Exhaustion vulnerability in multiple products When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. | 5.3 |