Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2018-9262 Improper Input Validation vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2018-04-04 CVE-2018-9261 Excessive Iteration vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow.
network
low complexity
wireshark debian CWE-834
7.5
7.5
2018-04-04 CVE-2018-9260 Improper Input Validation vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2018-04-04 CVE-2018-9259 Improper Input Validation vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2018-04-04 CVE-2018-9258 Improper Input Validation vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2018-04-04 CVE-2018-9256 Improper Input Validation vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash.
network
low complexity
wireshark debian CWE-20
7.5
7.5
2018-04-04 CVE-2018-9251 Infinite Loop vulnerability in multiple products
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
network
high complexity
xmlsoft debian CWE-835
2.6
2.6
2018-04-03 CVE-2018-9240 NULL Pointer Dereference vulnerability in multiple products
ncmpc through 0.29 is prone to a NULL pointer dereference flaw.
network
low complexity
ncmpc-project debian canonical CWE-476
7.5
7.5
2018-04-03 CVE-2018-8780 Path Traversal vulnerability in Ruby-Lang Ruby
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters.
network
low complexity
ruby-lang canonical debian CWE-22
7.5
7.5
2018-04-03 CVE-2018-8779 Improper Input Validation vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters.
network
low complexity
ruby-lang canonical debian CWE-20
5.0
5.0