Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-12 | CVE-2018-5848 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. | 4.6 |
2018-06-12 | CVE-2018-0496 | Path Traversal vulnerability in multiple products Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | 6.4 |
2018-06-12 | CVE-2018-5814 | Race Condition vulnerability in Linux Kernel In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | 6.9 |
2018-06-12 | CVE-2018-5803 | Improper Input Validation vulnerability in Linux Kernel In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | 4.9 |
2018-06-12 | CVE-2018-12249 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in mruby 1.4.1. | 5.0 |
2018-06-12 | CVE-2018-12227 | Information Exposure vulnerability in multiple products An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. | 5.0 |
2018-06-11 | CVE-2018-5185 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. | 4.3 |
2018-06-11 | CVE-2018-5184 | Inadequate Encryption Strength vulnerability in multiple products Using remote content in encrypted messages can lead to the disclosure of plaintext. | 5.0 |
2018-06-11 | CVE-2018-5178 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. | 6.8 |
2018-06-11 | CVE-2018-5170 | Improper Input Validation vulnerability in multiple products It is possible to spoof the filename of an attachment and display an arbitrary attachment name. | 4.3 |