Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-10 | CVE-2018-10981 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request. | 6.5 |
| 2018-05-10 | CVE-2017-18267 | Infinite Loop vulnerability in multiple products The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | 5.5 |
| 2018-05-10 | CVE-2018-1130 | NULL Pointer Dereference vulnerability in multiple products Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | 5.5 |
| 2018-05-10 | CVE-2018-10963 | Reachable Assertion vulnerability in multiple products The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | 6.5 |
| 2018-05-10 | CVE-2018-10958 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call. | 6.5 |
| 2018-05-09 | CVE-2018-10940 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | 5.5 |
| 2018-05-06 | CVE-2018-10768 | NULL Pointer Dereference vulnerability in multiple products There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. | 6.5 |
| 2018-05-06 | CVE-2018-0494 | Improper Input Validation vulnerability in multiple products GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | 6.5 |
| 2018-04-29 | CVE-2018-10547 | Cross-site Scripting vulnerability in multiple products An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. | 6.1 |
| 2018-04-29 | CVE-2018-10545 | Information Exposure vulnerability in multiple products An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. | 4.7 |