Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2018-10001 | Out-of-bounds Read vulnerability in multiple products The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. | 6.5 |
| 2018-04-10 | CVE-2018-3838 | Out-of-bounds Read vulnerability in multiple products An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 6.5 |
| 2018-04-10 | CVE-2018-3837 | Out-of-bounds Read vulnerability in multiple products An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 5.5 |
| 2018-04-10 | CVE-2018-9989 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | 5.0 |
| 2018-04-10 | CVE-2018-9988 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | 5.0 |
| 2018-04-09 | CVE-2017-2826 | Information Exposure vulnerability in multiple products An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. | 4.3 |
| 2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 6.8 |
| 2018-04-04 | CVE-2017-18257 | Integer Overflow or Wraparound vulnerability in Linux Kernel The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | 4.9 |
| 2018-04-03 | CVE-2018-8779 | Improper Input Validation vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. | 5.0 |
| 2018-04-03 | CVE-2018-8778 | Use of Externally-Controlled Format String vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | 5.0 |