Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-11 | CVE-2017-17503 | Out-of-bounds Read vulnerability in multiple products ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | 8.8 |
| 2017-12-11 | CVE-2017-17502 | Out-of-bounds Read vulnerability in multiple products ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | 8.8 |
| 2017-12-11 | CVE-2017-17501 | Out-of-bounds Read vulnerability in multiple products WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | 8.8 |
| 2017-12-11 | CVE-2017-17500 | Out-of-bounds Read vulnerability in multiple products ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | 8.8 |
| 2017-12-11 | CVE-2017-17499 | Use After Free vulnerability in multiple products ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | 9.8 |
| 2017-12-08 | CVE-2017-17480 | Out-of-bounds Write vulnerability in multiple products In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. | 9.8 |
| 2017-12-08 | CVE-2017-16854 | Information Exposure vulnerability in multiple products In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | 6.5 |
| 2017-12-08 | CVE-2017-16921 | OS Command Injection vulnerability in multiple products In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | 8.8 |
| 2017-12-07 | CVE-2017-1000410 | Information Exposure vulnerability in multiple products The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. | 7.5 |
| 2017-12-07 | CVE-2017-17458 | OS Command Injection vulnerability in multiple products In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. | 9.8 |