Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-14 | CVE-2017-16355 | Information Exposure vulnerability in multiple products In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 4.7 |
| 2017-12-14 | CVE-2017-17527 | Injection vulnerability in multiple products delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17515 | Injection vulnerability in multiple products etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17514 | Injection vulnerability in multiple products boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-12-14 | CVE-2017-17511 | Injection vulnerability in multiple products KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | 8.8 |
| 2017-12-14 | CVE-2017-17682 | Resource Exhaustion vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | 6.5 |
| 2017-12-13 | CVE-2017-17669 | Out-of-bounds Read vulnerability in multiple products There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. | 5.5 |
| 2017-12-12 | CVE-2017-1000385 | Information Exposure Through Discrepancy vulnerability in multiple products The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. | 5.9 |
| 2017-12-11 | CVE-2017-1000407 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | 7.4 |
| 2017-12-11 | CVE-2017-17504 | Out-of-bounds Read vulnerability in multiple products ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | 6.5 |