Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2018-14040 | Cross-site Scripting vulnerability in multiple products In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | 6.1 |
| 2018-07-11 | CVE-2018-11529 | Use After Free vulnerability in multiple products VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. | 6.8 |
| 2018-07-10 | CVE-2018-1128 | Improper Authentication vulnerability in multiple products It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. | 5.4 |
| 2018-07-10 | CVE-2018-10888 | Out-of-bounds Read vulnerability in multiple products A flaw was found in libgit2 before version 0.27.3. | 6.5 |
| 2018-07-10 | CVE-2018-10861 | Improper Authentication vulnerability in multiple products A flaw was found in the way ceph mon handles user requests. | 5.5 |
| 2018-07-05 | CVE-2018-13302 | Improper Validation of Array Index vulnerability in multiple products In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact. | 6.8 |
| 2018-07-05 | CVE-2018-13300 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | 5.8 |
| 2018-07-04 | CVE-2018-13139 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | 6.8 |
| 2018-07-03 | CVE-2018-13100 | Divide By Zero vulnerability in Linux Kernel An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | 4.3 |
| 2018-07-03 | CVE-2018-13099 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. | 5.5 |