Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-16 | CVE-2017-15371 | Reachable Assertion vulnerability in multiple products There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. | 5.5 |
| 2017-10-16 | CVE-2017-15370 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. | 5.5 |
| 2017-10-14 | CVE-2017-12629 | XXE vulnerability in multiple products Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. | 9.8 |
| 2017-10-11 | CVE-2017-2888 | Integer Overflow or Wraparound vulnerability in multiple products An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. | 8.8 |
| 2017-10-11 | CVE-2017-2887 | Out-of-bounds Write vulnerability in multiple products An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. | 8.8 |
| 2017-10-11 | CVE-2017-0903 | Deserialization of Untrusted Data vulnerability in multiple products RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. | 9.8 |
| 2017-10-11 | CVE-2017-15238 | Use After Free vulnerability in multiple products ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | 8.8 |
| 2017-10-10 | CVE-2017-15191 | Use of Externally-Controlled Format String vulnerability in multiple products In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. | 7.5 |
| 2017-10-10 | CVE-2017-5637 | Missing Authentication for Critical Function vulnerability in multiple products Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. | 7.5 |
| 2017-10-10 | CVE-2017-13723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 7.8 |