Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-23 | CVE-2017-8073 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. | 7.5 |
2017-04-23 | CVE-2017-8064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | 7.8 |
2017-04-21 | CVE-2016-2347 | Integer Overflow or Wraparound vulnerability in multiple products Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | 7.8 |
2017-04-20 | CVE-2017-7718 | Out-of-bounds Read vulnerability in multiple products hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. | 5.5 |
2017-04-18 | CVE-2017-7943 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 6.5 |
2017-04-18 | CVE-2017-7941 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | 6.5 |
2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
2017-04-17 | CVE-2016-7551 | Resource Management Errors vulnerability in multiple products chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | 7.5 |
2017-04-17 | CVE-2017-7889 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 7.8 |
2017-04-14 | CVE-2017-7868 | Out-of-bounds Write vulnerability in multiple products International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | 7.5 |