Vulnerabilities > Debian > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-23 | CVE-2018-7437 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in FreeXL before 1.0.5. | network; low complexity; freexl-project debian CWE-125; 8.8 |
| 2018-02-23 | CVE-2018-7436 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in FreeXL before 1.0.5. | network; low complexity; freexl-project debian CWE-125; 8.8 |
| 2018-02-23 | CVE-2018-7435 | Out-of-bounds Read vulnerability in multiple products. An issue was discovered in FreeXL before 1.0.5. | network; low complexity; freexl-project debian CWE-125; 8.8 |
| 2018-02-19 | CVE-2017-7375 | XXE vulnerability in multiple products. A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). | network; low complexity; xmlsoft debian google CWE-611; 7.5 |
| 2018-02-19 | CVE-2018-7225 | Integer Overflow or Wraparound vulnerability in multiple products. An issue was discovered in LibVNCServer through 0.9.11. | 7.5 |
| 2018-02-19 | CVE-2018-5379 | Double Free vulnerability in multiple products. The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. | network; low complexity; quagga debian canonical redhat siemens CWE-415; 7.5 |
| 2018-02-15 | CVE-2018-7054 | Use After Free vulnerability in multiple products. An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | network; low complexity; irssi canonical debian CWE-416; 7.5 |
| 2018-02-15 | CVE-2018-7053 | Use After Free vulnerability in multiple products. An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | network; low complexity; irssi debian canonical CWE-416; 7.5 |
| 2018-02-15 | CVE-2017-18189 | NULL Pointer Dereference vulnerability in multiple products. In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | network; low complexity; sound-exchange-project debian CWE-476; 7.5 |
| 2018-02-14 | CVE-2017-18187 | Integer Overflow or Wraparound vulnerability in multiple products. In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | network; low complexity; arm debian CWE-190; 7.5 |