Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000075 Infinite Loop vulnerability in multiple products
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop..
network
low complexity
rubygems debian CWE-835
7.5
2018-03-13 CVE-2018-1000099 Access of Uninitialized Pointer vulnerability in multiple products
Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash.
network
low complexity
teluu debian CWE-824
7.5
2018-03-13 CVE-2018-1000098 Integer Overflow or Wraparound vulnerability in multiple products
Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash.
network
low complexity
teluu debian CWE-190
7.5
2018-03-13 CVE-2018-1000097 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code.
local
low complexity
debian canonical gnu CWE-119
7.8
2018-03-12 CVE-2017-2619 Link Following vulnerability in multiple products
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
network
high complexity
samba redhat debian CWE-59
7.5
2018-03-12 CVE-2016-5314 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
network
low complexity
libtiff opensuse redhat debian CWE-787
8.8
2018-03-12 CVE-2014-8129 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
network
low complexity
libtiff debian redhat apple CWE-787
8.8
2018-03-09 CVE-2018-7998 NULL Pointer Dereference vulnerability in multiple products
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file.
network
high complexity
libvips debian CWE-476
7.5
2018-03-08 CVE-2018-7871 Out-of-bounds Read vulnerability in multiple products
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data.
network
low complexity
libming debian CWE-125
8.8
2018-03-08 CVE-2018-7869 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.
network
low complexity
libming debian CWE-772
7.5