Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-10 CVE-2018-3839 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2.
network
low complexity
libsdl debian starwindsoftware CWE-787
8.8
2018-04-09 CVE-2018-1308 XXE vulnerability in multiple products
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler.
network
low complexity
apache debian CWE-611
7.5
2018-04-07 CVE-2018-9846 Improper Input Validation vulnerability in multiple products
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence.
network
low complexity
roundcube debian CWE-20
8.8
2018-04-04 CVE-2018-9273 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9270 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9269 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9268 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9267 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9265 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9264 Out-of-bounds Write vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow.
network
low complexity
wireshark debian CWE-787
7.5