Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-07 | CVE-2018-6794 | Protection Mechanism Failure vulnerability in multiple products Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. | 5.3 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | 6.8 |
| 2018-02-05 | CVE-2018-6621 | Out-of-bounds Read vulnerability in multiple products The decode_frame function in libavcodec/utvideodec.c in FFmpeg through 3.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. | 6.5 |
| 2018-02-04 | CVE-2018-6616 | Resource Exhaustion vulnerability in multiple products In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. | 5.5 |
| 2018-02-02 | CVE-2017-18121 | Cross-site Scripting vulnerability in multiple products The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | 6.1 |
| 2018-02-02 | CVE-2018-6544 | Uncontrolled Recursion vulnerability in multiple products pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 5.5 |
| 2018-01-31 | CVE-2017-18043 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). | 5.5 |
| 2018-01-31 | CVE-2017-15698 | Improper Certificate Validation vulnerability in multiple products When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | 5.9 |
| 2018-01-30 | CVE-2011-2902 | Improper Input Validation vulnerability in multiple products zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. | 5.3 |
| 2018-01-29 | CVE-2018-6392 | Out-of-bounds Read vulnerability in multiple products The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1 allows remote attackers to cause a denial of service (out-of-array access) via a crafted MP4 file. | 6.5 |