Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-10 CVE-2018-9989 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
2018-04-10 CVE-2018-9988 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
2018-04-09 CVE-2018-1308 XXE vulnerability in multiple products
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler.
network
low complexity
apache debian CWE-611
7.5
2018-04-07 CVE-2018-9846 Improper Input Validation vulnerability in multiple products
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence.
network
low complexity
roundcube debian CWE-20
8.8
2018-04-06 CVE-2018-1000156 Improper Input Validation vulnerability in multiple products
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution.
local
low complexity
gnu canonical debian redhat CWE-20
7.8
2018-04-04 CVE-2017-13305 Out-of-bounds Read vulnerability in multiple products
A information disclosure vulnerability in the Upstream kernel encrypted-keys.
local
low complexity
google canonical debian CWE-125
7.1
2018-04-04 CVE-2018-9273 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9270 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9269 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5
2018-04-04 CVE-2018-9268 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak.
network
low complexity
wireshark debian CWE-772
7.5