Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-7225 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibVNCServer through 0.9.11.
network
low complexity
libvncserver-project debian canonical redhat CWE-190
critical
9.8
2018-02-19 CVE-2018-5379 Double Free vulnerability in multiple products
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes.
network
low complexity
quagga debian canonical redhat siemens CWE-415
critical
9.8
2018-02-16 CVE-2018-7186 Out-of-bounds Write vulnerability in multiple products
Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions.
network
low complexity
leptonica debian CWE-787
critical
9.8
2018-02-15 CVE-2018-7054 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi canonical debian CWE-416
critical
9.8
2018-02-15 CVE-2018-7053 Use After Free vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-416
critical
9.8
2018-02-14 CVE-2017-18187 Integer Overflow or Wraparound vulnerability in multiple products
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
network
low complexity
arm debian CWE-190
critical
9.8
2018-02-13 CVE-2018-0488 Out-of-bounds Write vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.
network
low complexity
arm debian CWE-787
critical
9.8
2018-02-13 CVE-2018-0487 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.
network
low complexity
arm debian CWE-119
critical
9.8
2018-02-09 CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
network
low complexity
libreoffice debian canonical redhat
critical
9.8
2018-02-08 CVE-2018-6789 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-120
critical
9.8