Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-27 | CVE-2017-2618 | Off-by-one Error vulnerability in multiple products A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. | 5.5 |
| 2018-07-27 | CVE-2017-2616 | Race Condition vulnerability in multiple products A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. | 4.7 |
| 2018-07-27 | CVE-2018-10882 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. | 5.5 |
| 2018-07-27 | CVE-2018-1056 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. | 6.8 |
| 2018-07-27 | CVE-2017-2670 | Infinite Loop vulnerability in multiple products It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | 5.0 |
| 2018-07-27 | CVE-2017-15120 | NULL Pointer Dereference vulnerability in multiple products An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. | 5.0 |
| 2018-07-27 | CVE-2017-2666 | HTTP Request Smuggling vulnerability in multiple products It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. | 6.4 |
| 2018-07-27 | CVE-2017-12151 | Cryptographic Issues vulnerability in multiple products A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. | 5.8 |
| 2018-07-26 | CVE-2015-9261 | NULL Pointer Dereference vulnerability in multiple products huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | 5.5 |
| 2018-07-26 | CVE-2018-10881 | Out-of-bounds Write vulnerability in multiple products A flaw was found in the Linux kernel's ext4 filesystem. | 5.5 |