Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-7254 Out-of-bounds Read vulnerability in multiple products
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
6.8
2018-02-19 CVE-2018-7253 Out-of-bounds Read vulnerability in multiple products
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
6.8
2018-02-19 CVE-2018-5381 Infinite Loop vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function.
network
low complexity
quagga canonical debian siemens CWE-835
5.0
2018-02-19 CVE-2018-5380 Out-of-bounds Read vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
network
low complexity
quagga debian canonical siemens CWE-125
4.0
2018-02-19 CVE-2018-5378 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid.
4.9
2018-02-16 CVE-2018-1049 Race Condition vulnerability in multiple products
In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint; any processes that try to use said mount will hang.
4.3
2018-02-16 CVE-2017-18190 Authentication Bypass by Spoofing vulnerability in multiple products
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
network
low complexity
apple debian canonical CWE-290
5.0
2018-02-15 CVE-2018-7052 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-476
5.0
2018-02-15 CVE-2018-7051 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-125
5.0
2018-02-15 CVE-2018-7050 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-476
5.0