Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5
2018-06-04 CVE-2016-1000343 Cryptographic Issues vulnerability in multiple products
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values.
network
low complexity
bouncycastle debian CWE-310
7.5
2018-06-04 CVE-2016-1000342 Improper Verification of Cryptographic Signature vulnerability in multiple products
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification.
network
low complexity
bouncycastle debian CWE-347
7.5
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
7.8
2018-05-28 CVE-2018-11506 Out-of-bounds Write vulnerability in multiple products
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.
local
low complexity
linux canonical debian CWE-787
7.8
2018-05-26 CVE-2018-11490 Improper Validation of Array Index vulnerability in multiple products
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked.
8.8
2018-05-23 CVE-2018-1125 Out-of-bounds Write vulnerability in multiple products
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep.
7.5
2018-05-23 CVE-2018-1123 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow.
network
low complexity
procps-ng-project canonical debian
7.5
2018-05-23 CVE-2018-1122 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top.
local
high complexity
procps-ng-project canonical debian
7.0
2018-05-23 CVE-2018-1124 Integer Overflow or Wraparound vulnerability in multiple products
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function.
7.8