Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2018-06-18 CVE-2018-1152 Divide By Zero vulnerability in multiple products
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
4.3
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5
2018-06-17 CVE-2018-12029 Race Condition vulnerability in multiple products
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured.
4.4
2018-06-17 CVE-2018-11219 Integer Overflow or Wraparound vulnerability in multiple products
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
network
low complexity
redislabs debian oracle redhat CWE-190
7.5
2018-06-17 CVE-2018-11218 Out-of-bounds Write vulnerability in multiple products
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
network
low complexity
redislabs debian oracle redhat CWE-787
7.5
2018-06-15 CVE-2018-12495 Out-of-bounds Read vulnerability in multiple products
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
4.3
2018-06-15 CVE-2018-12458 Improper Input Validation vulnerability in multiple products
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
network
ffmpeg debian CWE-20
4.3
2018-06-13 CVE-2018-0495 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP.
local
high complexity
gnupg canonical debian redhat oracle CWE-203
4.7
2018-06-13 CVE-2018-10850 Race Condition vulnerability in multiple products
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load.
7.1
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
7.2