Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2017-0926 Incorrect Authorization vulnerability in multiple products
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
network
low complexity
gitlab debian CWE-863
8.8
2018-03-21 CVE-2017-0925 Cleartext Transmission of Sensitive Information vulnerability in multiple products
Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password.
network
low complexity
gitlab debian CWE-319
7.2
2018-03-21 CVE-2017-0918 Path Traversal vulnerability in multiple products
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
network
low complexity
gitlab debian CWE-22
8.8
2018-03-20 CVE-2018-8822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.
local
low complexity
linux canonical debian CWE-119
7.8
2018-03-17 CVE-2018-8741 Path Traversal vulnerability in multiple products
A directory traversal flaw in SquirrelMail 1.4.22 allows an authenticated attacker to exfiltrate (or potentially delete) files from the hosting server, related to ../ in the att_local_name field in Deliver.class.php.
network
low complexity
squirrelmail debian CWE-22
8.8
2018-03-17 CVE-2018-8740 NULL Pointer Dereference vulnerability in multiple products
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
network
low complexity
sqlite debian CWE-476
7.5
2018-03-15 CVE-2017-18234 Use After Free vulnerability in multiple products
An issue was discovered in Exempi before 2.4.3.
local
low complexity
exempi-project debian canonical CWE-416
7.8
2018-03-14 CVE-2018-1000121 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
network
low complexity
debian canonical haxx redhat oracle CWE-476
7.5
2018-03-13 CVE-2018-1000127 Improper Locking vulnerability in multiple products
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list.
network
low complexity
memcached debian canonical redhat CWE-667
7.5
2018-03-13 CVE-2018-1057 Incorrect Authorization vulnerability in multiple products
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
network
low complexity
debian canonical samba CWE-863
8.8