Vulnerabilities > Debian > Debian Linux > 10.0

DATE CVE VULNERABILITY TITLE RISK
2017-09-20 CVE-2017-14604 Improper Input Validation vulnerability in multiple products
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.
network
low complexity
gnome debian CWE-20
6.5
6.5
2017-09-14 CVE-2017-13725 Out-of-bounds Read vulnerability in multiple products
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-13687 Out-of-bounds Read vulnerability in multiple products
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-13028 Out-of-bounds Read vulnerability in multiple products
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-13024 Out-of-bounds Read vulnerability in multiple products
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-13020 Out-of-bounds Read vulnerability in multiple products
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-13004 Out-of-bounds Read vulnerability in multiple products
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().
network
low complexity
tcpdump debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-12987 Out-of-bounds Read vulnerability in multiple products
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
network
low complexity
tcpdump redhat debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-12902 Out-of-bounds Read vulnerability in multiple products
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
network
low complexity
tcpdump redhat debian CWE-125
critical
 9.8
9.8
2017-09-14 CVE-2017-12899 Out-of-bounds Read vulnerability in multiple products
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
network
low complexity
tcpdump redhat debian CWE-125
critical
 9.8
9.8