Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-22 CVE-2018-11362 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash.
network
low complexity
wireshark debian CWE-125
7.5
2018-05-22 CVE-2018-11360 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash.
network
low complexity
wireshark debian CWE-119
7.5
2018-05-22 CVE-2018-11359 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash.
network
low complexity
wireshark debian CWE-476
7.5
2018-05-22 CVE-2018-11358 Use After Free vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash.
network
low complexity
wireshark debian CWE-416
7.5
2018-05-22 CVE-2018-11357 Improper Input Validation vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory.
network
low complexity
wireshark debian CWE-20
7.5
2018-05-22 CVE-2018-11356 NULL Pointer Dereference vulnerability in multiple products
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash.
network
low complexity
wireshark debian CWE-476
7.5
2018-05-21 CVE-2018-8012 Missing Authorization vulnerability in multiple products
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta.
network
low complexity
apache debian oracle CWE-862
7.5
2018-05-20 CVE-2018-11319 Path Traversal vulnerability in multiple products
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root).
network
high complexity
syntastic-project debian CWE-22
7.5
2018-05-15 CVE-2018-1087 kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.
local
low complexity
linux canonical debian redhat
7.8
2018-05-10 CVE-2018-10982 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
local
low complexity
xen debian
8.8