Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-16 | CVE-2018-5712 | Cross-site Scripting vulnerability in multiple products An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. | 6.1 |
| 2018-01-16 | CVE-2018-5711 | Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. | 5.5 |
| 2018-01-14 | CVE-2018-5686 | Infinite Loop vulnerability in multiple products In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. | 5.5 |
| 2018-01-14 | CVE-2018-5685 | Infinite Loop vulnerability in multiple products In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). | 6.5 |
| 2018-01-13 | CVE-2018-0486 | Improper Verification of Cryptographic Signature vulnerability in multiple products Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD. | 6.5 |
| 2018-01-11 | CVE-2018-5335 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. | 6.5 |
| 2018-01-11 | CVE-2018-5334 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. | 6.5 |
| 2018-01-11 | CVE-2018-5333 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | 5.5 |
| 2018-01-08 | CVE-2018-5294 | Integer Overflow or Wraparound vulnerability in multiple products In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). | 6.5 |
| 2018-01-08 | CVE-2018-5269 | Reachable Assertion vulnerability in multiple products In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setPos in modules/imgcodecs/src/bitstrm.cpp because of an incorrect integer cast. | 5.5 |