Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-09 | CVE-2018-19139 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue has been found in JasPer 2.0.14. | 4.3 |
| 2018-11-09 | CVE-2018-19132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | 4.3 |
| 2018-11-08 | CVE-2018-19108 | Infinite Loop vulnerability in multiple products In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-08 | CVE-2018-19107 | Integer Overflow or Wraparound vulnerability in multiple products In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | 6.5 |
| 2018-11-07 | CVE-2018-19058 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |
| 2018-11-07 | CVE-2018-16845 | Resource Exhaustion vulnerability in multiple products nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. | 5.8 |
| 2018-11-07 | CVE-2018-19052 | Path Traversal vulnerability in multiple products An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. | 5.0 |
| 2018-11-06 | CVE-2014-10077 | Improper Input Validation vulnerability in multiple products Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | 5.0 |
| 2018-11-05 | CVE-2018-18820 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. | 6.8 |
| 2018-11-02 | CVE-2018-18897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Poppler 0.71.0. | 6.5 |