Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-08 | CVE-2017-11104 | Improper Input Validation vulnerability in multiple products Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | 5.9 |
| 2017-07-06 | CVE-2017-9524 | Improper Input Validation vulnerability in multiple products The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. | 7.5 |
| 2017-07-06 | CVE-2016-4000 | Deserialization of Untrusted Data vulnerability in multiple products Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. | 9.8 |
| 2017-07-05 | CVE-2017-2295 | Deserialization of Untrusted Data vulnerability in multiple products Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. | 8.2 |
| 2017-07-04 | CVE-2017-10810 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. | 7.5 |
| 2017-06-29 | CVE-2017-10672 | Use After Free vulnerability in multiple products Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | 9.8 |
| 2017-06-28 | CVE-2017-9994 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. | 7.8 |
| 2017-06-28 | CVE-2017-9993 | Information Exposure vulnerability in multiple products FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. | 7.5 |
| 2017-06-28 | CVE-2017-9992 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2017-06-28 | CVE-2017-9989 | NULL Pointer Dereference vulnerability in multiple products util/outputtxt.c in libming 0.4.8 mishandles memory allocation. | 6.5 |