Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-07-17 CVE-2018-14350 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt debian canonical CWE-787
critical
 9.8
9.8
2018-07-17 CVE-2018-14349 Improper Input Validation vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
debian mutt neomutt canonical CWE-20
critical
 9.8
9.8
2018-07-16 CVE-2018-12584 Classic Buffer Overflow vulnerability in multiple products
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.
network
low complexity
resiprocate debian CWE-120
critical
 9.8
9.8
2018-07-05 CVE-2018-12910 Out-of-bounds Read vulnerability in multiple products
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
network
low complexity
gnome canonical debian redhat opensuse CWE-125
critical
 9.8
9.8
2018-07-03 CVE-2017-2615 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen
critical
 9.1
9.1
2018-07-02 CVE-2018-12892 Information Exposure vulnerability in multiple products
An issue was discovered in Xen 4.7 through 4.10.x.
network
low complexity
debian xen CWE-200
critical
 9.9
9.9
2018-07-01 CVE-2018-13043 Code Injection vulnerability in multiple products
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
network
low complexity
debian canonical CWE-94
critical
 9.8
9.8
2018-06-29 CVE-2018-13006 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in MP4Box in GPAC 0.7.1.
network
low complexity
debian gpac canonical CWE-125
critical
 9.8
9.8
2018-06-29 CVE-2018-13005 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in MP4Box in GPAC 0.7.1.
network
low complexity
debian gpac canonical CWE-125
critical
 9.8
9.8
2018-06-26 CVE-2017-7658 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second.
network
low complexity
eclipse debian oracle hp netapp CWE-444
critical
 9.8
9.8