Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-27 CVE-2017-15120 NULL Pointer Dereference vulnerability in multiple products
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN.
network
low complexity
powerdns debian CWE-476
7.5
7.5
2018-07-27 CVE-2017-12151 Cryptographic Issues vulnerability in multiple products
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3.
network
high complexity
samba redhat debian hp CWE-310
7.4
7.4
2018-07-26 CVE-2018-10879 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat
7.8
7.8
2018-07-26 CVE-2018-10878 A flaw was found in the Linux kernel's ext4 filesystem.
local
low complexity
canonical linux debian redhat
7.8
7.8
2018-07-26 CVE-2017-12150 It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled.
network
high complexity
samba redhat debian
7.4
7.4
2018-07-26 CVE-2017-12163 An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8.
low complexity
samba redhat debian
7.1
7.1
2018-07-26 CVE-2018-10900 OS Command Injection vulnerability in multiple products
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack.
local
low complexity
gnome debian CWE-78
7.8
7.8
2018-07-26 CVE-2017-7558 A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13.
network
low complexity
linux debian
7.5
7.5
2018-07-24 CVE-2018-10906 Improper Privilege Management vulnerability in multiple products
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active.
local
low complexity
debian fuse-project redhat CWE-269
7.8
7.8
2018-07-20 CVE-2018-14447 Out-of-bounds Read vulnerability in multiple products
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.
network
low complexity
libconfuse-project debian CWE-125
8.8
8.8