Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. | 2.1 |
| 2017-09-26 | CVE-2014-8156 | Permissions, Privileges, and Access Controls vulnerability in multiple products The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. local low complexity fso-frameworkd-project fso-gsmd-project fso-usaged-project phonefsod-project debian CWE-264 | 7.2 |
| 2017-09-25 | CVE-2017-14733 | Out-of-bounds Read vulnerability in multiple products ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 6.5 |
| 2017-09-25 | CVE-2015-6748 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | 6.1 |
| 2017-09-21 | CVE-2017-12153 | NULL Pointer Dereference vulnerability in Linux Kernel A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. | 4.9 |
| 2017-09-21 | CVE-2017-14160 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | 6.8 |
| 2017-09-21 | CVE-2017-14246 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 5.8 |
| 2017-09-21 | CVE-2017-14245 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 5.8 |
| 2017-09-21 | CVE-2017-14634 | Divide By Zero vulnerability in multiple products In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | 4.3 |
| 2017-09-21 | CVE-2017-14633 | Out-of-bounds Read vulnerability in multiple products In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 4.3 |