Vulnerabilities > Debian > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Score |
|---|---|---|---|---|---|---|---|---|
| 2018-11-07 | CVE-2018-16844 | | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. | network | low | f5 debian canonical apple | | 7.5 |
| 2018-11-07 | CVE-2018-16843 | | nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. | network | low | f5 debian canonical opensuse apple | | 7.5 |
| 2018-11-07 | CVE-2018-19052 | Path Traversal vulnerability in multiple products | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. | network | low | lighttpd suse opensuse debian | CWE-22 | 7.5 |
| 2018-11-06 | CVE-2018-16472 | Improper Input Validation vulnerability in multiple products | A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack. | network | low | cached-path-relative-project debian | CWE-20 | 7.5 |
| 2018-11-06 | CVE-2018-9516 | Out-of-bounds Write vulnerability in multiple products | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. | local | low | google debian canonical | CWE-787 | 7.8 |
| 2018-11-06 | CVE-2018-9422 | Use After Free vulnerability in multiple products | In get_futex_key of futex.c, there is a use-after-free due to improper locking. | local | low | google debian | CWE-416 | 7.8 |
| 2018-11-06 | CVE-2018-9363 | Integer Overflow or Wraparound vulnerability in multiple products | In the hidp_process_report in bluetooth, there is an integer overflow. | local | low | google canonical debian linux | CWE-190 | 8.4 |
| 2018-11-06 | CVE-2014-10077 | Improper Input Validation vulnerability in multiple products | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | network | low | i18n-project debian | CWE-20 | 7.5 |
| 2018-11-05 | CVE-2018-18820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. | network | high | xiph debian | CWE-119 | 8.1 |
| 2018-10-31 | CVE-2018-14651 | | It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. | network | low | debian redhat gluster | | 8.8 |