Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-16 | CVE-2018-14567 | Infinite Loop vulnerability in multiple products libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | 4.3 |
2018-08-14 | CVE-2018-14348 | Information Exposure vulnerability in multiple products libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. | 8.1 |
2018-08-10 | CVE-2018-6553 | The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. | 4.6 |
2018-08-09 | CVE-2018-10925 | Incorrect Authorization vulnerability in multiple products It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... | 8.1 |
2018-08-09 | CVE-2018-10915 | SQL Injection vulnerability in multiple products A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. | 6.0 |
2018-08-08 | CVE-2018-14526 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. | 3.3 |
2018-08-08 | CVE-2018-15209 | Out-of-bounds Write vulnerability in multiple products ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | 6.8 |
2018-08-07 | CVE-2018-5953 | Information Exposure vulnerability in multiple products The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call. | 2.1 |
2018-08-06 | CVE-2017-16790 | Improper Input Validation vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 4.0 |
2018-08-06 | CVE-2017-16654 | Path Traversal vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 5.0 |