Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-18 CVE-2018-10871 Cleartext Storage of Sensitive Information vulnerability in multiple products
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information.
network
low complexity
fedoraproject debian CWE-312
7.2
2018-07-17 CVE-2018-14363 Path Traversal vulnerability in multiple products
An issue was discovered in NeoMutt before 2018-07-16.
network
low complexity
debian neomutt CWE-22
7.5
2018-07-17 CVE-2018-14346 Out-of-bounds Write vulnerability in multiple products
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
network
low complexity
debian gnu CWE-787
8.8
2018-07-17 CVE-2018-14337 Integer Overflow or Wraparound vulnerability in multiple products
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
network
low complexity
mruby debian CWE-190
7.5
2018-07-16 CVE-2018-10857 Information Exposure vulnerability in multiple products
git-annex is vulnerable to a private data exposure and exfiltration attack.
network
low complexity
git-annex-project debian CWE-200
7.5
2018-07-16 CVE-2018-10859 Information Exposure vulnerability in multiple products
git-annex is vulnerable to an Information Exposure when decrypting files.
network
low complexity
git-annex-project debian CWE-200
7.5
2018-07-13 CVE-2018-10875 Untrusted Search Path vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
redhat debian suse canonical CWE-426
7.8
2018-07-11 CVE-2018-11529 Use After Free vulnerability in multiple products
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files.
low complexity
debian videolan CWE-416
8.0
2018-07-10 CVE-2018-1128 Improper Authentication vulnerability in multiple products
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack.
high complexity
redhat debian opensuse CWE-287
7.5
2018-07-10 CVE-2018-10887 Incorrect Conversion between Numeric Types vulnerability in multiple products
A flaw was found in libgit2 before version 0.27.3.
network
low complexity
libgit2 debian CWE-681
8.1