Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-24 CVE-2017-12086 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite.
local
low complexity
blender debian CWE-190
7.8
2018-04-24 CVE-2017-12082 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite.
local
low complexity
blender debian CWE-190
7.8
2018-04-24 CVE-2017-12081 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c.
local
low complexity
blender debian CWE-190
7.8
2018-04-23 CVE-2018-8781 Integer Overflow or Wraparound vulnerability in multiple products
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-04-23 CVE-2017-17833 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
network
low complexity
openslp debian canonical redhat lenovo CWE-119
7.5
2018-04-20 CVE-2014-10073 Path Traversal vulnerability in multiple products
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
network
low complexity
wpitchoune debian CWE-22
7.5
2018-04-19 CVE-2018-2814 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). 8.3
2018-04-19 CVE-2018-2794 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). 7.7
2018-04-18 CVE-2018-10194 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
local
low complexity
artifex canonical debian redhat CWE-119
7.8
2018-04-18 CVE-2018-1088 Incorrect Privilege Assignment vulnerability in multiple products
A privilege escalation flaw was found in gluster 3.x snapshot scheduler.
network
high complexity
redhat opensuse debian CWE-266
8.1