Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-17 CVE-2018-10873 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks.
network
low complexity
spice-project debian canonical redhat CWE-20
8.8
2018-08-14 CVE-2018-14348 Information Exposure vulnerability in multiple products
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
8.1
2018-08-10 CVE-2018-6553 The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links.
local
low complexity
debian canonical cups
8.8
2018-08-09 CVE-2018-10925 Incorrect Authorization vulnerability in multiple products
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ...
network
low complexity
canonical debian postgresql CWE-863
8.1
2018-08-09 CVE-2018-10915 SQL Injection vulnerability in multiple products
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections.
network
high complexity
redhat canonical debian postgresql CWE-89
7.5
2018-08-08 CVE-2018-15209 Out-of-bounds Write vulnerability in multiple products
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
network
low complexity
libtiff debian CWE-787
8.8
2018-08-06 CVE-2017-16654 Path Traversal vulnerability in multiple products
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5.
network
low complexity
sensiolabs debian CWE-22
7.5
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-08-04 CVE-2018-14593 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30.
network
low complexity
otrs debian
8.8
2018-08-03 CVE-2018-14912 Path Traversal vulnerability in multiple products
cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.
network
low complexity
cgit-project debian CWE-22
7.5