Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-08 | CVE-2018-5269 | Reachable Assertion vulnerability in multiple products In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | 4.3 |
| 2018-01-08 | CVE-2018-5268 | Out-of-bounds Write vulnerability in multiple products In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. | 4.3 |
| 2018-01-06 | CVE-2018-5207 | Use of Externally-Controlled Format String vulnerability in multiple products When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | 5.0 |
| 2018-01-06 | CVE-2018-5205 | Use of Externally-Controlled Format String vulnerability in multiple products When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | 5.0 |
| 2018-01-05 | CVE-2018-5251 | Incorrect Conversion between Numeric Types vulnerability in multiple products In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). | 4.3 |
| 2018-01-05 | CVE-2018-5248 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | 6.8 |
| 2018-01-04 | CVE-2017-1665 | Inadequate Encryption Strength vulnerability in multiple products IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 4.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 4.7 |
| 2018-01-03 | CVE-2017-1000472 | Path Traversal vulnerability in multiple products The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". | 5.8 |
| 2018-01-02 | CVE-2017-1000433 | Improper Authentication vulnerability in multiple products pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. | 6.8 |