Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-20 CVE-2017-15108 OS Command Injection vulnerability in multiple products
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
local
low complexity
spice-space debian CWE-78
7.8
2018-01-18 CVE-2018-2637 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). 7.4
2018-01-18 CVE-2018-2633 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). 8.3
2018-01-18 CVE-2018-2612 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
network
low complexity
oracle mariadb netapp canonical debian
7.5
2018-01-18 CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).
network
low complexity
oracle mariadb debian canonical netapp redhat
7.5
2018-01-17 CVE-2018-5764 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
network
low complexity
samba debian canonical
7.5
2018-01-12 CVE-2017-13194 Improper Input Validation vulnerability in multiple products
A vulnerability in the Android media framework (libvpx) related to odd frame width.
network
low complexity
google debian CWE-20
7.8
2018-01-11 CVE-2018-5336 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash.
network
low complexity
wireshark debian CWE-119
7.5
2018-01-11 CVE-2018-5332 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
local
low complexity
linux debian canonical CWE-787
7.8
2018-01-08 CVE-2015-2320 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
network
low complexity
mono-project debian CWE-295
7.5