Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-28 CVE-2017-11509 SQL Injection vulnerability in multiple products
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
network
low complexity
firebirdsql debian CWE-89
8.8
2018-03-28 CVE-2018-1083 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality.
local
low complexity
zsh canonical debian redhat CWE-119
7.8
2018-03-27 CVE-2018-8764 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
network
low complexity
debian ldap-account-manager CWE-352
8.8
2018-03-26 CVE-2017-18249 Race Condition vulnerability in multiple products
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
local
high complexity
linux debian CWE-362
7.0
2018-03-26 CVE-2018-1303 Out-of-bounds Read vulnerability in multiple products
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory.
network
low complexity
apache debian canonical netapp CWE-125
7.5
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-03-25 CVE-2018-9009 Use After Free vulnerability in multiple products
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
network
low complexity
libming debian CWE-416
8.8
2018-03-22 CVE-2018-8905 Out-of-bounds Write vulnerability in multiple products
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
network
low complexity
libtiff debian canonical redhat CWE-787
8.8
2018-03-21 CVE-2018-3710 Path Traversal vulnerability in multiple products
Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.
local
low complexity
gitlab debian CWE-22
7.8