Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-29 CVE-2018-10546 Infinite Loop vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-835
7.5
2018-04-29 CVE-2018-10537 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier.
local
low complexity
wavpack debian CWE-119
7.8
2018-04-29 CVE-2018-10536 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in WavPack 5.1.0 and earlier.
local
low complexity
wavpack debian CWE-787
7.8
2018-04-26 CVE-2016-9602 Link Following vulnerability in multiple products
QEMU before version 2.9 is vulnerable to improper link following when built with VirtFS.
network
low complexity
qemu debian CWE-59
8.8
2018-04-26 CVE-2018-10393 Out-of-bounds Read vulnerability in multiple products
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.
network
low complexity
xiph-org debian redhat CWE-125
7.5
2018-04-26 CVE-2018-10392 Out-of-bounds Write vulnerability in multiple products
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
network
low complexity
xiph-org debian redhat CWE-787
8.8
2018-04-25 CVE-2017-7652
In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to the server triggers the configuration to be reloaded from disk.
network
high complexity
eclipse debian
7.5
2018-04-24 CVE-2018-3836 OS Command Injection vulnerability in multiple products
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4.
local
low complexity
leptonica debian CWE-78
7.8
2018-04-24 CVE-2017-2924 Out-of-bounds Write vulnerability in multiple products
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3.
network
low complexity
freexl-project debian CWE-787
8.8
2018-04-24 CVE-2017-2923 Out-of-bounds Write vulnerability in multiple products
An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3.
network
low complexity
freexl-project debian CWE-787
8.8