Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-10 CVE-2018-10861 Improper Authentication vulnerability in multiple products
A flaw was found in the way ceph mon handles user requests.
network
low complexity
ceph redhat opensuse debian CWE-287
8.1
2018-07-06 CVE-2018-13406 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
local
low complexity
linux canonical debian CWE-190
7.8
2018-07-06 CVE-2018-13405 Improper Privilege Management vulnerability in multiple products
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group.
7.8
2018-07-05 CVE-2018-13302 Improper Validation of Array Index vulnerability in multiple products
In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.
network
low complexity
ffmpeg debian CWE-129
8.8
2018-07-05 CVE-2018-13300 Out-of-bounds Read vulnerability in multiple products
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
network
low complexity
ffmpeg debian CWE-125
8.1
2018-07-04 CVE-2018-13139 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
network
low complexity
libsndfile-project debian CWE-787
8.8
2018-07-02 CVE-2018-13054 Link Following vulnerability in multiple products
An issue was discovered in Cinnamon 1.9.2 through 3.8.6.
network
low complexity
debian linuxmint CWE-59
8.1
2018-06-29 CVE-2018-10860 Path Traversal vulnerability in multiple products
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip.
7.5
2018-06-26 CVE-2018-12895 Path Traversal vulnerability in multiple products
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file.
network
low complexity
wordpress debian CWE-22
8.8
2018-06-26 CVE-2018-3760 Information Exposure vulnerability in multiple products
There is an information leak vulnerability in Sprockets.
network
low complexity
redhat sprockets-project debian CWE-200
7.5