Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-6798 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Perl 5.22 through 5.26.
network
low complexity
debian perl canonical redhat CWE-125
7.5
2018-04-16 CVE-2018-10120 Improper Validation of Array Index vulnerability in multiple products
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.
local
low complexity
debian libreoffice redhat canonical CWE-129
7.8
2018-04-16 CVE-2018-10119 Use After Free vulnerability in multiple products
sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.
local
low complexity
libreoffice debian redhat canonical CWE-416
7.8
2018-04-13 CVE-2017-0367 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
network
low complexity
mediawiki debian CWE-668
8.8
2018-04-13 CVE-2017-0362 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
network
low complexity
mediawiki debian CWE-352
8.8
2018-04-13 CVE-2017-0361 Information Exposure vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.
local
low complexity
mediawiki debian CWE-200
7.8
2018-04-13 CVE-2017-0358 Improper Privilege Management vulnerability in multiple products
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges.
local
low complexity
tuxera debian CWE-269
7.8
2018-04-12 CVE-2018-1084 corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
network
low complexity
corosync debian redhat canonical
7.5
2018-04-12 CVE-2018-1086 Information Exposure vulnerability in multiple products
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass.
network
low complexity
clusterlabs debian redhat CWE-200
7.5
2018-04-10 CVE-2018-3839 Out-of-bounds Write vulnerability in multiple products
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2.
network
low complexity
libsdl debian starwindsoftware CWE-787
8.8