Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2017-18257 | Integer Overflow or Wraparound vulnerability in multiple products The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | 5.5 |
| 2018-04-04 | CVE-2018-9251 | Infinite Loop vulnerability in multiple products The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | 5.3 |
| 2018-04-03 | CVE-2017-17742 | HTTP Response Splitting vulnerability in multiple products Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. | 5.3 |
| 2018-04-03 | CVE-2018-4117 | Information Exposure vulnerability in multiple products An issue was discovered in certain Apple products. | 6.5 |
| 2018-03-30 | CVE-2018-9132 | NULL Pointer Dereference vulnerability in multiple products libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. | 6.5 |
| 2018-03-27 | CVE-2018-0739 | Uncontrolled Recursion vulnerability in multiple products Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. | 6.5 |
| 2018-03-27 | CVE-2018-8048 | Cross-site Scripting vulnerability in multiple products In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | 6.1 |
| 2018-03-27 | CVE-2018-8763 | Cross-site Scripting vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | 6.1 |
| 2018-03-27 | CVE-2018-0202 | Out-of-bounds Read vulnerability in multiple products clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2018-03-26 | CVE-2018-1301 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. | 5.9 |