Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-10 | CVE-2018-9989 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | 7.5 |
2018-04-10 | CVE-2018-9988 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | 7.5 |
2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | 7.5 |
2018-04-07 | CVE-2018-9846 | Improper Input Validation vulnerability in multiple products In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. | 8.8 |
2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 7.8 |
2018-04-04 | CVE-2017-13305 | Out-of-bounds Read vulnerability in multiple products A information disclosure vulnerability in the Upstream kernel encrypted-keys. | 7.1 |
2018-04-04 | CVE-2018-9273 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. | 7.5 |
2018-04-04 | CVE-2018-9270 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. | 7.5 |
2018-04-04 | CVE-2018-9269 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. | 7.5 |
2018-04-04 | CVE-2018-9268 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. | 7.5 |