Vulnerabilities > Debian > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-17 | CVE-2018-14355 | Path Traversal vulnerability in multiple products: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. | 5.0 |
2018-07-17 | CVE-2018-14347 | Infinite Loop vulnerability in multiple products: GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c). | 4.3 |
2018-07-17 | CVE-2018-14346 | Out-of-bounds Write vulnerability in multiple products: GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). | 6.8 |
2018-07-17 | CVE-2018-14337 | Integer Overflow or Wraparound vulnerability in multiple products: The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | 5.0 |
2018-07-16 | CVE-2018-10857 | Information Exposure vulnerability in multiple products: git-annex is vulnerable to a private data exposure and exfiltration attack. | 5.0 |
2018-07-16 | CVE-2018-10859 | Information Exposure vulnerability in multiple products: git-annex is vulnerable to an Information Exposure when decrypting files. | 5.0 |
2018-07-16 | CVE-2018-0361 | Improper Input Validation vulnerability in multiple products: ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | 4.3 |
2018-07-16 | CVE-2018-0360 | Integer Overflow or Wraparound vulnerability in multiple products: ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. | 4.3 |
2018-07-15 | CVE-2018-14056 | Path Traversal vulnerability in multiple products: ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | 5.0 |
2018-07-15 | CVE-2018-14055 | Improper Input Validation vulnerability in multiple products: ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | 4.0 |