Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2017-0916 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
2018-03-21 CVE-2017-0915 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
2018-03-20 CVE-2018-8828 Off-by-one Error vulnerability in multiple products
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2.
network
low complexity
kamailio debian CWE-193
7.5
2018-03-20 CVE-2018-8822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
local
low complexity
linux canonical debian CWE-119
7.8
2018-03-17 CVE-2018-8741 Path Traversal vulnerability in multiple products
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
network
low complexity
squirrelmail debian CWE-22
8.8
2018-03-17 CVE-2018-8740 NULL Pointer Dereference vulnerability in multiple products
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
network
low complexity
sqlite debian CWE-476
7.5
2018-03-15 CVE-2018-7033 SQL Injection vulnerability in multiple products
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD.
network
low complexity
schedmd debian CWE-89
7.5
2018-03-14 CVE-2018-1000120 Out-of-bounds Write vulnerability in multiple products
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
network
low complexity
debian canonical haxx redhat oracle CWE-787
7.5
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
7.5
2018-03-13 CVE-2018-1000076 Improper Verification of Cryptographic Signature vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures..
network
low complexity
rubygems debian CWE-347
7.5