Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15908 In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
local
low complexity
artifex debian canonical redhat
7.8
2018-08-24 CVE-2018-14598 Improper Input Validation vulnerability in multiple products
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5.
network
low complexity
x-org debian canonical fedoraproject CWE-20
7.5
2018-08-23 CVE-2018-15822 Reachable Assertion vulnerability in multiple products
The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.
network
low complexity
ffmpeg debian canonical CWE-617
7.5
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
2018-08-21 CVE-2018-10902 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file.
local
low complexity
debian canonical linux redhat
7.8
2018-08-20 CVE-2018-1000222 Double Free vulnerability in multiple products
Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution .
network
low complexity
libgd canonical debian CWE-415
8.8
2018-08-20 CVE-2018-1000637 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution.
local
low complexity
nongnu debian CWE-119
7.8
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-08-18 CVE-2018-15501 Out-of-bounds Read vulnerability in multiple products
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
network
low complexity
debian libgit2 CWE-125
7.5