Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-19 CVE-2018-12565 Improper Input Validation vulnerability in multiple products
An issue was discovered in Linaro LAVA before 2018.5.post1.
network
low complexity
linaro debian CWE-20
8.8
8.8
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.
network
low complexity
python fedoraproject canonical redhat debian
7.5
7.5
2018-06-17 CVE-2018-12029 Race Condition vulnerability in multiple products
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured.
local
high complexity
phusion debian CWE-362
7.0
7.0
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
8.2
2018-06-13 CVE-2018-11406 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
low complexity
sensiolabs debian CWE-352
8.8
8.8
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
8.1
2018-06-13 CVE-2018-12265 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
8.8
2018-06-13 CVE-2018-12264 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8
8.8
2018-06-12 CVE-2018-5848 Integer Overflow or Wraparound vulnerability in multiple products
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly.
local
low complexity
google redhat debian CWE-190
7.8
7.8
2018-06-12 CVE-2018-0496 Path Traversal vulnerability in multiple products
Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system.
network
low complexity
dinknetwork debian CWE-22
7.5
7.5