Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-17958 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
network
low complexity
qemu canonical debian redhat CWE-190
7.5
2018-10-08 CVE-2018-1000805 Incorrect Authorization vulnerability in multiple products
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE.
network
low complexity
paramiko redhat debian canonical CWE-863
8.8
2018-10-07 CVE-2018-18021 Improper Input Validation vulnerability in multiple products
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl.
local
low complexity
linux debian canonical CWE-20
7.1
2018-10-03 CVE-2018-17540 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-119
7.5
2018-10-01 CVE-2015-9268 Improper Input Validation vulnerability in multiple products
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll.
local
low complexity
nullsoft debian CWE-20
7.8
2018-09-28 CVE-2018-14648 Resource Exhaustion vulnerability in multiple products
A flaw was found in 389 Directory Server.
network
low complexity
fedoraproject redhat debian CWE-400
7.5
2018-09-26 CVE-2018-16152 Improper Verification of Cryptographic Signature vulnerability in multiple products
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification.
network
low complexity
strongswan debian canonical CWE-347
7.5
2018-09-26 CVE-2018-16151 Improper Verification of Cryptographic Signature vulnerability in multiple products
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification.
network
low complexity
strongswan debian canonical CWE-347
7.5
2018-09-25 CVE-2018-6054 Use After Free vulnerability in multiple products
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
network
low complexity
google redhat debian CWE-416
8.8
2018-09-25 CVE-2018-6043 Improper Input Validation vulnerability in multiple products
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
network
low complexity
google debian redhat CWE-20
8.8