Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2017-7377 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
local
low complexity
qemu debian CWE-772
6.0
6.0
2017-04-10 CVE-2016-1516 Double Free vulnerability in multiple products
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
network
low complexity
opencv debian CWE-415
8.8
8.8
2017-04-09 CVE-2017-7613 Improper Input Validation vulnerability in multiple products
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-20
5.5
5.5
2017-04-09 CVE-2017-7612 Out-of-bounds Read vulnerability in multiple products
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7611 Out-of-bounds Read vulnerability in multiple products
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7610 Out-of-bounds Read vulnerability in multiple products
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-09 CVE-2017-7608 Out-of-bounds Read vulnerability in multiple products
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
local
low complexity
elfutils-project debian canonical CWE-125
5.5
5.5
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
 9.8
9.8
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
critical
 9.8
9.8
2017-03-28 CVE-2017-6964 Unchecked Return Value vulnerability in multiple products
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root.
local
low complexity
canonical debian CWE-252
7.8
7.8