Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-07 CVE-2018-7752 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps function in media_tools/av_parsers.c, a different vulnerability than CVE-2018-1000100.
local
low complexity
gpac debian canonical CWE-119
7.8
2018-03-05 CVE-2018-7711 Improper Verification of Cryptographic Signature vulnerability in multiple products
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation.
network
high complexity
simplesamlphp debian CWE-347
8.1
2018-03-05 CVE-2018-0490 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10.
network
low complexity
torproject debian CWE-476
7.5
2018-03-05 CVE-2018-1000115 Resource Exhaustion vulnerability in multiple products
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources).
network
low complexity
memcached canonical debian redhat CWE-400
7.5
2018-03-02 CVE-2017-14461 Out-of-bounds Read vulnerability in multiple products
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service.
network
low complexity
dovecot debian ubuntu CWE-125
7.1
2018-03-01 CVE-2018-7550 Out-of-bounds Write vulnerability in multiple products
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
local
low complexity
qemu debian canonical redhat CWE-787
8.8
2018-02-27 CVE-2017-7671 Improper Input Validation vulnerability in multiple products
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake.
network
low complexity
apache debian CWE-20
7.5
2018-02-27 CVE-2017-5660 Improper Input Validation vulnerability in multiple products
There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding.
network
low complexity
apache debian CWE-20
8.6
2018-02-27 CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
local
low complexity
xen debian
8.8
2018-02-26 CVE-2018-7490 Path Traversal vulnerability in multiple products
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
network
low complexity
unbit debian CWE-22
7.5