Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2017-7376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
network
low complexity
xmlsoft google debian CWE-119
critical
10.0
2018-02-16 CVE-2018-7187 OS Command Injection vulnerability in multiple products
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
network
golang debian CWE-78
critical
9.3
2018-02-16 CVE-2018-7186 Out-of-bounds Write vulnerability in multiple products
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
network
low complexity
leptonica debian CWE-787
critical
9.8
2018-02-08 CVE-2018-6789 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-120
critical
9.8
2018-02-06 CVE-2017-7525 Incomplete Blacklist vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian netapp redhat oracle CWE-184
critical
9.8
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-02-03 CVE-2017-18123 Improper Input Validation vulnerability in multiple products
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
network
dokuwiki debian CWE-20
critical
9.3
2018-01-26 CVE-2017-12379 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-119
critical
10.0
2018-01-26 CVE-2017-12377 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-125
critical
10.0
2018-01-26 CVE-2017-12376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
debian clamav CWE-119
critical
9.3