Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2017-12179 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 9.8 |
| 2018-01-24 | CVE-2017-12178 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 9.8 |
| 2018-01-24 | CVE-2017-12177 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 9.8 |
| 2018-01-24 | CVE-2017-12176 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 9.8 |
| 2018-01-16 | CVE-2018-5704 | Use of Externally-Controlled Format String vulnerability in multiple products Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site. | 9.6 |
| 2018-01-10 | CVE-2017-17485 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. | 9.8 |
| 2018-01-08 | CVE-2015-2320 | Improper Certificate Validation vulnerability in multiple products The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | 9.8 |
| 2018-01-06 | CVE-2018-5208 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | 9.8 |
| 2018-01-06 | CVE-2018-5206 | NULL Pointer Dereference vulnerability in multiple products When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | 9.8 |
| 2018-01-03 | CVE-2017-1000487 | OS Command Injection vulnerability in multiple products Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. | 9.8 |