Vulnerabilities > Debian > Debian Linux > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-29 | CVE-2017-8817 | Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 9.8 |
| 2017-11-29 | CVE-2017-8816 | Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 9.8 |
| 2017-11-27 | CVE-2017-14746 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 9.8 |
| 2017-11-25 | CVE-2017-16943 | Use After Free vulnerability in multiple products The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. | 9.8 |
| 2017-11-21 | CVE-2017-16613 | Improper Authentication vulnerability in multiple products An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. | 9.8 |
| 2017-11-21 | CVE-2017-16840 | Out-of-bounds Read vulnerability in multiple products The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. | 9.8 |
| 2017-11-17 | CVE-2017-16845 | Improper Input Validation vulnerability in multiple products hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | 10.0 |
| 2017-11-17 | CVE-2017-16872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. | 9.8 |
| 2017-11-17 | CVE-2017-1000158 | Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 9.8 |
| 2017-11-16 | CVE-2017-8807 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. | 9.1 |