Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-03 | CVE-2018-8778 | Use of Externally-Controlled Format String vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure. | 5.0 |
| 2018-04-03 | CVE-2018-8777 | Resource Exhaustion vulnerability in multiple products In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). | 5.0 |
| 2018-04-03 | CVE-2018-6914 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. | 5.0 |
| 2018-04-03 | CVE-2017-17742 | HTTP Response Splitting vulnerability in multiple products Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. | 5.3 |
| 2018-04-03 | CVE-2018-0493 | Use After Free vulnerability in multiple products remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution. | 7.2 |
| 2018-04-03 | CVE-2018-0492 | Race Condition vulnerability in multiple products Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation. | 4.4 |
| 2018-04-03 | CVE-2018-4117 | Information Exposure vulnerability in Apple products An issue was discovered in certain Apple products. | 4.3 |
| 2018-04-03 | CVE-2017-7000 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in certain Apple products. | 6.8 |
| 2018-03-30 | CVE-2018-7566 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | 4.6 |
| 2018-03-30 | CVE-2018-9132 | NULL Pointer Dereference vulnerability in multiple products libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. | 6.5 |