Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5
2017-03-24 CVE-2017-5511 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
network
low complexity
imagemagick debian CWE-119
critical
9.8
2017-03-24 CVE-2017-5510 Out-of-bounds Write vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
local
low complexity
imagemagick debian CWE-787
7.8
2017-03-24 CVE-2017-5507 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
network
low complexity
imagemagick debian CWE-772
7.5
2017-03-24 CVE-2017-5506 Double Free vulnerability in multiple products
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
local
low complexity
imagemagick debian CWE-415
7.8
2017-03-24 CVE-2016-10149 XXE vulnerability in multiple products
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
network
low complexity
pysaml2-project debian CWE-611
7.5
2017-03-23 CVE-2016-9556 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
5.5
2017-03-23 CVE-2017-5897 Out-of-bounds Read vulnerability in multiple products
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
network
low complexity
linux canonical debian CWE-125
critical
9.8
2017-03-23 CVE-2016-9775 Permissions, Privileges, and Access Controls vulnerability in multiple products
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack.
local
low complexity
debian canonical apache CWE-264
7.8
2017-03-23 CVE-2016-9774 Link Following vulnerability in multiple products
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
local
low complexity
debian canonical apache CWE-59
7.8