Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-15 CVE-2018-7051 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-125
7.5
2018-02-15 CVE-2018-7050 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1.
network
low complexity
irssi debian canonical CWE-476
7.5
2018-02-15 CVE-2017-18189 NULL Pointer Dereference vulnerability in multiple products
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
network
low complexity
sound-exchange-project debian CWE-476
7.5
2018-02-12 CVE-2018-6927 Integer Overflow or Wraparound vulnerability in multiple products
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
local
low complexity
linux canonical debian redhat CWE-190
7.8
2018-02-09 CVE-2018-1000051 Use After Free vulnerability in multiple products
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution.
local
low complexity
artifex debian CWE-416
7.8
2018-02-09 CVE-2018-1000041 GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM password hash being leaked to remote attackers through SMB.
network
low complexity
gnome debian
8.8
2018-02-09 CVE-2018-1000027 NULL Pointer Dereference vulnerability in multiple products
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy.
network
low complexity
squid-cache debian canonical CWE-476
7.5
2018-02-09 CVE-2018-1000026 Improper Input Validation vulnerability in multiple products
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line.
network
low complexity
linux canonical redhat debian CWE-20
7.7
2018-02-09 CVE-2018-1000024 The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy..
network
low complexity
squid-cache debian canonical
7.5
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
local
high complexity
postgresql debian canonical redhat CWE-732
7.0