Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-03 | CVE-2017-16516 | Use of Externally-Controlled Format String vulnerability in multiple products In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. | 7.5 |
| 2017-11-01 | CVE-2017-16353 | Out-of-bounds Read vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. | 6.5 |
| 2017-11-01 | CVE-2017-16352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. | 8.8 |
| 2017-10-31 | CVE-2017-1000257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An IMAP FETCH response line indicates the size of the returned data, in number of bytes. | 6.4 |
| 2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |
| 2017-10-29 | CVE-2017-16227 | Improper Input Validation vulnerability in multiple products The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | 5.0 |
| 2017-10-28 | CVE-2017-15955 | NULL Pointer Dereference vulnerability in multiple products bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | 4.3 |
| 2017-10-28 | CVE-2017-15954 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | 4.3 |
| 2017-10-28 | CVE-2017-15953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | 4.3 |
| 2017-10-27 | CVE-2017-13090 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The retr.c:fd_read_body() function is called when processing OK responses. | 9.3 |