Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-13 | CVE-2017-0359 | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | 10.0 |
| 2018-04-13 | CVE-2017-0358 | Improper Privilege Management vulnerability in multiple products Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. | 7.2 |
| 2018-04-13 | CVE-2017-0357 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. | 7.5 |
| 2018-04-13 | CVE-2017-0356 | Improper Authentication vulnerability in multiple products A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | 7.5 |
| 2018-04-13 | CVE-2016-9646 | Improper Authentication vulnerability in multiple products ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. | 5.0 |
| 2018-04-13 | CVE-2018-10087 | Improper Input Validation vulnerability in Linux Kernel The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | 2.1 |
| 2018-04-12 | CVE-2018-1084 | Integer Overflow or Wraparound vulnerability in multiple products corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | 7.5 |
| 2018-04-12 | CVE-2018-1086 | Information Exposure vulnerability in multiple products pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. | 5.0 |
| 2018-04-12 | CVE-2018-10061 | Cross-site Scripting vulnerability in multiple products Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). | 3.5 |
| 2018-04-12 | CVE-2018-10060 | Cross-site Scripting vulnerability in multiple products Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | 3.5 |