Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-11 CVE-2016-9063 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow during the parsing of XML using the Expat library.
network
low complexity
mozilla debian python CWE-190
critical
9.8
2018-06-11 CVE-2016-5297 Integer Overflow or Wraparound vulnerability in multiple products
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.
network
low complexity
mozilla debian CWE-190
critical
9.8
2018-06-11 CVE-2016-5290 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4.
network
low complexity
mozilla debian CWE-119
critical
9.8
2018-06-05 CVE-2018-11743 Access of Uninitialized Pointer vulnerability in multiple products
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
network
low complexity
mruby debian CWE-824
critical
9.8
2018-05-29 CVE-2018-11531 Out-of-bounds Write vulnerability in multiple products
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
network
low complexity
exiv2 debian canonical CWE-787
critical
9.8
2018-05-24 CVE-2018-8013 Deserialization of Untrusted Data vulnerability in multiple products
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of that class.
network
low complexity
apache debian canonical oracle CWE-502
critical
9.8
2018-05-24 CVE-2018-1000301 Out-of-bounds Read vulnerability in multiple products
curl 7.20.0 up to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content.
network
low complexity
debian canonical haxx redhat oracle CWE-125
critical
9.1
2018-05-23 CVE-2018-1126 Integer Overflow or Wraparound vulnerability in multiple products
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues.
9.8
2018-05-16 CVE-2018-8014 Insecure Default Initialization of Resource vulnerability in multiple products
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins.
network
low complexity
apache canonical debian netapp CWE-1188
critical
9.8
2018-05-08 CVE-2018-1000178 Out-of-bounds Write vulnerability in multiple products
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore, in void DataStreamPeer::processMessage(const QByteArray &msg) (datastreampeer.cpp, line 62), that allows an attacker to execute code remotely.
network
low complexity
quassel-irc debian CWE-787
critical
9.8