Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-16 | CVE-2018-17100 | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibTIFF 4.0.9. | 6.8 |
| 2018-09-16 | CVE-2018-17082 | Cross-site Scripting vulnerability in PHP The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | 4.3 |
| 2018-09-14 | CVE-2018-12086 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | 5.0 |
| 2018-09-13 | CVE-2018-17000 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. | 4.3 |
| 2018-09-12 | CVE-2018-16949 | Resource Exhaustion vulnerability in multiple products An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. | 5.0 |
| 2018-09-12 | CVE-2018-16948 | Information Exposure vulnerability in multiple products An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. | 5.0 |
| 2018-09-11 | CVE-2018-10853 | Improper Privilege Management vulnerability in multiple products A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. | 4.6 |
| 2018-09-11 | CVE-2016-7074 | Improper Input Validation vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. | 4.3 |
| 2018-09-11 | CVE-2016-7073 | Improper Input Validation vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. | 4.3 |
| 2018-09-10 | CVE-2016-7072 | Resource Exhaustion vulnerability in multiple products An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. | 5.0 |