Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-14 | CVE-2017-12896 | Out-of-bounds Read vulnerability in multiple products: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). | 7.5 |
2017-09-13 | CVE-2017-2816 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. | 8.8 |
2017-09-13 | CVE-2015-2750 | Open Redirect vulnerability in multiple products: Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | 5.8 |
2017-09-13 | CVE-2015-2749 | Open Redirect vulnerability in multiple products: Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 5.8 |
2017-09-12 | CVE-2017-14341 | Resource Exhaustion vulnerability in multiple products: ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | 7.1 |
2017-09-12 | CVE-2017-1000251 | Out-of-bounds Write vulnerability in multiple products: The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space. | 8.0 |
2017-09-12 | CVE-2017-14314 | Out-of-bounds Read vulnerability in multiple products: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | 4.3 |
2017-09-11 | CVE-2017-7650 | Improper Authentication vulnerability in multiple products: In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. | 4.0 |
2017-09-09 | CVE-2017-14223 | Resource Exhaustion vulnerability in multiple products: In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-08 | CVE-2017-14167 | Integer Overflow or Wraparound vulnerability in multiple products: Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | 7.2 |