Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-01 CVE-2018-7584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c.
network
low complexity
php canonical debian CWE-119
critical
9.8
2018-02-28 CVE-2018-7556 Information Exposure vulnerability in multiple products
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
network
low complexity
limesurvey debian CWE-200
critical
9.1
2018-02-28 CVE-2018-7554 Use After Free vulnerability in multiple products
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-416
critical
9.8
2018-02-28 CVE-2018-7553 Out-of-bounds Write vulnerability in multiple products
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-787
critical
9.8
2018-02-28 CVE-2018-7552 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-119
critical
9.8
2018-02-28 CVE-2018-7551 Use After Free vulnerability in multiple products
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-416
critical
9.8
2018-02-26 CVE-2018-7489 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-02-23 CVE-2018-7440 OS Command Injection vulnerability in multiple products
An issue was discovered in Leptonica through 1.75.3.
network
low complexity
leptonica debian CWE-78
critical
9.8
2018-02-19 CVE-2017-7376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
network
low complexity
xmlsoft google debian CWE-119
critical
9.8
2018-02-19 CVE-2017-7375 XXE vulnerability in multiple products
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes).
network
low complexity
xmlsoft debian google CWE-611
critical
9.8