Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-03 CVE-2018-6596 Information Exposure vulnerability in multiple products
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events.
network
low complexity
django-anymail-project debian CWE-200
critical
 9.1
9.1
2018-02-02 CVE-2018-6521 The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters.
network
low complexity
simplesamlphp debian
critical
 9.8
9.8
2018-01-29 CVE-2016-10711 HTTP Request Smuggling vulnerability in multiple products
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
network
low complexity
debian apsis CWE-444
critical
 9.8
9.8
2018-01-26 CVE-2017-12379 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-119
critical
 9.8
9.8
2018-01-26 CVE-2017-12377 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network
low complexity
debian clamav CWE-125
critical
 9.8
9.8
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
critical
 9.8
9.8
2018-01-24 CVE-2018-1000005 Out-of-bounds Read vulnerability in multiple products
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers.
network
low complexity
haxx debian canonical CWE-125
critical
 9.1
9.1
2018-01-24 CVE-2017-12187 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
 9.8
9.8
2018-01-24 CVE-2017-12186 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
 9.8
9.8
2018-01-24 CVE-2017-12185 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
 9.8
9.8