Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-17 | CVE-2018-6798 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Perl 5.22 through 5.26. | 7.5 |
2018-04-16 | CVE-2018-10120 | Improper Validation of Array Index vulnerability in multiple products The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record. | 7.8 |
2018-04-16 | CVE-2018-10119 | Use After Free vulnerability in multiple products sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | 7.8 |
2018-04-13 | CVE-2017-0367 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | 8.8 |
2018-04-13 | CVE-2017-0362 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | 8.8 |
2018-04-13 | CVE-2017-0361 | Information Exposure vulnerability in multiple products Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | 7.8 |
2018-04-13 | CVE-2017-0358 | Improper Privilege Management vulnerability in multiple products Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. | 7.8 |
2018-04-12 | CVE-2018-1084 | corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | 7.5 |
2018-04-12 | CVE-2018-1086 | Information Exposure vulnerability in multiple products pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. | 7.5 |
2018-04-10 | CVE-2018-3839 | Out-of-bounds Write vulnerability in multiple products An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. | 8.8 |