Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-05-07 CVE-2018-10771 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
9.8
2018-05-05 CVE-2018-10753 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
moinejf debian fedoraproject CWE-787
critical
9.8
2018-04-13 CVE-2017-0359 diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
network
low complexity
reproducible-builds debian
critical
10.0
2018-04-06 CVE-2018-1270 Code Injection vulnerability in multiple products
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian CWE-94
critical
9.8
2018-03-28 CVE-2017-11509 SQL Injection vulnerability in multiple products
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
network
low complexity
firebirdsql debian CWE-89
critical
9.0
2018-03-26 CVE-2018-1312 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed.
network
low complexity
apache canonical debian netapp redhat CWE-287
critical
9.8
2018-03-23 CVE-2018-1000140 Out-of-bounds Write vulnerability in multiple products
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution.
network
low complexity
rsyslog debian canonical redhat CWE-787
critical
9.8
2018-02-26 CVE-2018-7489 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-02-23 CVE-2018-7440 OS Command Injection vulnerability in multiple products
An issue was discovered in Leptonica through 1.75.3.
network
low complexity
leptonica debian CWE-78
critical
9.8