Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-31 | CVE-2018-14651 | Link Following vulnerability in multiple products It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. | 8.8 |
2018-10-31 | CVE-2016-6328 | Integer Overflow or Wraparound vulnerability in multiple products A vulnerability was found in libexif. | 8.1 |
2018-10-31 | CVE-2018-11759 | Path Traversal vulnerability in multiple products The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. | 7.5 |
2018-10-31 | CVE-2018-14653 | Heap-based Buffer Overflow vulnerability in multiple products The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. | 8.8 |
2018-10-26 | CVE-2018-15686 | Deserialization of Untrusted Data vulnerability in multiple products A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. | 7.8 |
2018-10-26 | CVE-2018-18654 | Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81 Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. | 7.2 |
2018-10-25 | CVE-2018-14665 | Incorrect Authorization vulnerability in multiple products A flaw was found in xorg-x11-server before 1.20.3. | 7.2 |
2018-10-24 | CVE-2016-10729 | Command Injection vulnerability in multiple products An issue was discovered in Amanda 3.3.1. | 7.2 |
2018-10-19 | CVE-2018-18284 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | 8.6 |
2018-10-19 | CVE-2018-4013 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. | 7.5 |