Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2016-6328 A vulnerability was found in libexif.
network
low complexity
libexif-project debian canonical
8.1
2018-10-31 CVE-2018-11759 Path Traversal vulnerability in multiple products
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly.
network
low complexity
apache debian redhat CWE-22
7.5
2018-10-31 CVE-2018-14653 The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message.
network
low complexity
redhat debian
8.8
2018-10-30 CVE-2018-18281 Incomplete Cleanup vulnerability in multiple products
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.
local
low complexity
linux canonical debian CWE-459
7.8
2018-10-29 CVE-2018-18718 Double Free vulnerability in multiple products
An issue was discovered in gThumb through 3.6.2.
local
low complexity
gnome debian CWE-415
7.8
2018-10-26 CVE-2018-15688 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd.
8.8
2018-10-26 CVE-2018-15686 Deserialization of Untrusted Data vulnerability in multiple products
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess.
7.8
2018-10-26 CVE-2018-18654 Incorrect Permission Assignment for Critical Resource vulnerability in Debian Crossroads 2.81
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr.
local
low complexity
debian CWE-732
7.8
2018-10-24 CVE-2016-10729 Command Injection vulnerability in multiple products
An issue was discovered in Amanda 3.3.1.
local
low complexity
zmanda redhat debian CWE-77
7.8
2018-10-23 CVE-2018-16837 Missing Encryption of Sensitive Data vulnerability in multiple products
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen.
local
low complexity
redhat debian suse CWE-311
7.8