Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-27 CVE-2018-6359 Use After Free vulnerability in multiple products
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.
network
low complexity
libming debian CWE-416
8.8
8.8
2018-01-27 CVE-2018-6358 Out-of-bounds Write vulnerability in multiple products
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.
network
low complexity
libming debian CWE-787
8.8
8.8
2018-01-26 CVE-2017-12380 NULL Pointer Dereference vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-476
7.5
7.5
2018-01-26 CVE-2017-12376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
local
low complexity
debian clamav CWE-119
7.8
7.8
2018-01-26 CVE-2017-12375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-119
7.5
7.5
2018-01-26 CVE-2017-12374 Use After Free vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-416
7.5
7.5
2018-01-26 CVE-2017-18076 In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
network
low complexity
omniauth debian
7.5
7.5
2018-01-25 CVE-2018-6315 Integer Overflow or Wraparound vulnerability in multiple products
The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.
network
low complexity
libming debian CWE-190
8.8
8.8
2018-01-25 CVE-2017-15132 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.
network
low complexity
dovecot debian canonical CWE-772
7.5
7.5
2018-01-25 CVE-2018-5748 Resource Exhaustion vulnerability in multiple products
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
network
low complexity
redhat debian CWE-400
7.5
7.5