Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-23 | CVE-2018-7436 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeXL before 1.0.5. | 8.8 |
| 2018-02-23 | CVE-2018-7435 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in FreeXL before 1.0.5. | 8.8 |
| 2018-02-23 | CVE-2018-6764 | Origin Validation Error vulnerability in multiple products util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | 7.8 |
| 2018-02-22 | CVE-2018-7284 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. | 7.5 |
| 2018-02-19 | CVE-2018-7254 | Out-of-bounds Read vulnerability in multiple products The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. | 7.8 |
| 2018-02-19 | CVE-2018-7253 | Out-of-bounds Read vulnerability in multiple products The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | 7.8 |
| 2018-02-19 | CVE-2018-5381 | Infinite Loop vulnerability in multiple products The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. | 7.5 |
| 2018-02-16 | CVE-2018-7187 | OS Command Injection vulnerability in multiple products The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 8.8 |
| 2018-02-16 | CVE-2017-18190 | Authentication Bypass by Spoofing vulnerability in multiple products A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. | 7.5 |
| 2018-02-15 | CVE-2018-7052 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. | 7.5 |