Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2018-5345 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
7.8
2018-01-11 CVE-2018-5336 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash.
network
low complexity
wireshark debian CWE-119
7.5
2018-01-11 CVE-2018-5332 Out-of-bounds Write vulnerability in multiple products
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
local
low complexity
linux debian canonical CWE-787
7.8
2018-01-10 CVE-2017-18026 Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
network
low complexity
redmine debian
8.8
2018-01-08 CVE-2015-2318 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
network
high complexity
mono-project debian CWE-295
8.1
2018-01-06 CVE-2018-5207 Use of Externally-Controlled Format String vulnerability in multiple products
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.
network
low complexity
irssi debian CWE-134
7.5
2018-01-06 CVE-2018-5205 Use of Externally-Controlled Format String vulnerability in multiple products
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
network
low complexity
irssi debian canonical CWE-134
7.5
2018-01-05 CVE-2018-5248 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
network
low complexity
imagemagick debian canonical CWE-125
8.8
2018-01-02 CVE-2017-1000433 Improper Authentication vulnerability in multiple products
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled.
network
high complexity
pysaml2-project debian CWE-287
8.1
2018-01-02 CVE-2017-1000422 Integer Overflow or Wraparound vulnerability in multiple products
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
network
low complexity
gnome debian canonical CWE-190
8.8