Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-21 | CVE-2017-0916 | Improper Input Validation vulnerability in multiple products. GitLab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution. | 9.8 |
2018-03-21 | CVE-2017-0915 | Improper Input Validation vulnerability in multiple products. GitLab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution. | 9.8 |
2018-03-20 | CVE-2018-8828 | Off-by-one Error vulnerability in multiple products. A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. | 9.8 |
2018-03-15 | CVE-2018-7033 | SQL Injection vulnerability in multiple products. SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | 9.8 |
2018-03-14 | CVE-2018-1000122 | Out-of-bounds Read vulnerability in multiple products. A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. | 9.1 |
2018-03-14 | CVE-2018-1000120 | Out-of-bounds Write vulnerability in multiple products. A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | 9.8 |
2018-03-14 | CVE-2018-1000132 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. | 9.1 |
2018-03-13 | CVE-2018-7750 | Improper Authentication vulnerability in multiple products. transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. | 9.8 |
2018-03-13 | CVE-2018-1000076 | Improper Verification of Cryptographic Signature vulnerability in multiple products. RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. | 9.8 |
2018-03-07 | CVE-2018-1000116 | Out-of-bounds Write vulnerability in multiple products. NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | 9.8 |