Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-27 | CVE-2017-5081 | Improper Input Validation vulnerability in multiple products Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. | 3.3 |
2017-10-26 | CVE-2017-15906 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | 5.3 |
2017-10-24 | CVE-2017-15873 | Integer Overflow or Wraparound vulnerability in multiple products The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | 4.3 |
2017-10-24 | CVE-2017-12613 | Out-of-bounds Read vulnerability in multiple products When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 |
2017-10-22 | CVE-2017-15723 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | 5.0 |
2017-10-22 | CVE-2017-15722 | Out-of-bounds Read vulnerability in multiple products In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | 4.3 |
2017-10-22 | CVE-2017-15721 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. | 5.0 |
2017-10-22 | CVE-2015-5177 | Double Free vulnerability in multiple products Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | 5.0 |
2017-10-20 | CVE-2013-6049 | Improper Input Validation vulnerability in multiple products apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | 4.6 |
2017-10-19 | CVE-2017-15642 | Use After Free vulnerability in multiple products In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | 4.3 |