Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-01 | CVE-2017-17085 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. | 7.5 |
| 2017-12-01 | CVE-2017-17084 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. | 7.5 |
| 2017-12-01 | CVE-2017-17083 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. | 7.5 |
| 2017-11-29 | CVE-2017-8817 | Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 9.8 |
| 2017-11-29 | CVE-2017-8816 | Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 9.8 |
| 2017-11-27 | CVE-2017-15275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 7.5 |
| 2017-11-27 | CVE-2017-14746 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 9.8 |
| 2017-11-27 | CVE-2017-8028 | Improper Authentication vulnerability in multiple products In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. | 8.1 |
| 2017-11-27 | CVE-2017-14176 | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | 8.8 |
| 2017-11-25 | CVE-2017-16944 | Infinite Loop vulnerability in multiple products The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | 7.5 |