Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9406 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
freedesktop debian CWE-772
6.5
6.5
2017-06-02 CVE-2017-9404 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
6.5
2017-06-02 CVE-2017-9403 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
network
low complexity
libtiff debian canonical CWE-772
6.5
6.5
2017-06-02 CVE-2017-9349 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-06-02 CVE-2017-9344 Divide By Zero vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero.
network
low complexity
wireshark debian CWE-369
7.5
7.5
2017-06-01 CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
network
low complexity
git opensuse debian canonical fedoraproject
8.8
8.8
2017-06-01 CVE-2017-6512 Race Condition vulnerability in multiple products
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
network
high complexity
file canonical debian CWE-362
5.9
5.9
2017-05-30 CVE-2017-7494 Code Injection vulnerability in multiple products
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
network
low complexity
samba debian CWE-94
critical
 9.8
9.8
2017-05-29 CVE-2017-9287 Double Free vulnerability in multiple products
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
network
low complexity
openldap debian redhat mcafee oracle CWE-415
6.5
6.5
2017-05-25 CVE-2015-5211 Files or Directories Accessible to External Parties vulnerability in multiple products
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack.
network
low complexity
vmware debian CWE-552
critical
 9.6
9.6