Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
CVSS Score
6.1
EPSS Score
0.052
Published
2018-04-16
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-13
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
CVSS Score
9.8
EPSS Score
0.056
Published
2018-04-13
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
CVSS Score
7.8
EPSS Score
0.075
Published
2018-04-13
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-04-13
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-04-10
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-04-10
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score
7.5
EPSS Score
0.012
Published
2018-04-10
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-04-10
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-10