Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-01-24 CVE-2017-12181 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-24 CVE-2017-12180 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-24 CVE-2017-12179 Integer Overflow or Wraparound vulnerability in multiple products
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-190
critical
9.8
2018-01-24 CVE-2017-12178 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-24 CVE-2017-12177 Integer Overflow or Wraparound vulnerability in multiple products
xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-190
critical
9.8
2018-01-24 CVE-2017-12176 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
critical
9.8
2018-01-16 CVE-2018-5704 Use of Externally-Controlled Format String vulnerability in multiple products
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
network
low complexity
debian openocd CWE-134
critical
9.6
2018-01-10 CVE-2017-17485 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw.
network
low complexity
fasterxml debian redhat netapp CWE-502
critical
9.8
2018-01-08 CVE-2015-2320 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
network
low complexity
mono-project debian CWE-295
critical
9.8
2018-01-06 CVE-2018-5208 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
network
low complexity
irssi debian CWE-119
critical
9.8