Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2014-8129 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
network
low complexity
libtiff debian redhat apple CWE-787
8.8
2018-03-09 CVE-2018-7998 NULL Pointer Dereference vulnerability in multiple products
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file.
network
high complexity
libvips debian CWE-476
7.5
2018-03-07 CVE-2018-1000116 Out-of-bounds Write vulnerability in multiple products
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
network
low complexity
net-snmp debian CWE-787
7.5
2018-03-02 CVE-2018-1066 NULL Pointer Dereference vulnerability in Linux Kernel
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
7.1
2018-03-01 CVE-2018-7584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c.
network
low complexity
php canonical debian CWE-119
7.5
2018-03-01 CVE-2018-7550 Out-of-bounds Write vulnerability in multiple products
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
local
low complexity
qemu debian canonical redhat CWE-787
8.8
2018-02-28 CVE-2018-7554 Use After Free vulnerability in multiple products
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-416
7.5
2018-02-28 CVE-2018-7553 Out-of-bounds Write vulnerability in multiple products
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-787
7.5
2018-02-28 CVE-2018-7552 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-119
7.5
2018-02-28 CVE-2018-7551 Use After Free vulnerability in multiple products
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4.
network
low complexity
sam2p-project debian CWE-416
7.5