Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-11408 Open Redirect vulnerability in multiple products
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container.
network
low complexity
sensiolabs debian CWE-601
6.1
2018-06-13 CVE-2018-11406 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
low complexity
sensiolabs debian CWE-352
8.8
2018-06-13 CVE-2018-11386 Insufficient Session Expiration vulnerability in multiple products
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian CWE-613
5.9
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
2018-06-13 CVE-2017-16652 Open Redirect vulnerability in multiple products
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13.
5.8
2018-06-13 CVE-2018-12265 Out-of-bounds Read vulnerability in multiple products
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
6.8
2018-06-13 CVE-2018-12264 Out-of-bounds Read vulnerability in multiple products
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
6.8
2018-06-12 CVE-2018-5848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly.
local
low complexity
google redhat debian CWE-119
4.6
2018-06-12 CVE-2018-0496 Path Traversal vulnerability in multiple products
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
network
low complexity
dinknetwork debian CWE-22
6.4
2018-06-12 CVE-2018-5814 Race Condition vulnerability in Linux Kernel
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
6.9