Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-09-14 CVE-2017-12987 Out-of-bounds Read vulnerability in multiple products
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
network
low complexity
tcpdump redhat debian CWE-125
critical
9.8
2017-09-14 CVE-2017-12902 Out-of-bounds Read vulnerability in multiple products
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
network
low complexity
tcpdump redhat debian CWE-125
critical
9.8
2017-09-14 CVE-2017-12899 Out-of-bounds Read vulnerability in multiple products
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
network
low complexity
tcpdump redhat debian CWE-125
critical
9.8
2017-09-14 CVE-2017-12896 Out-of-bounds Read vulnerability in multiple products
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
network
low complexity
tcpdump redhat debian CWE-125
critical
9.8
2017-09-03 CVE-2017-14122 Out-of-bounds Read vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
network
low complexity
rarlab debian CWE-125
critical
9.1
2017-09-01 CVE-2017-12873 Session Fixation vulnerability in multiple products
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
network
low complexity
simplesamlphp debian CWE-384
critical
9.8
2017-08-31 CVE-2017-0899 Code Injection vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.
network
low complexity
rubygems debian redhat CWE-94
critical
9.8
2017-08-31 CVE-2017-14064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
network
low complexity
ruby-lang debian canonical redhat CWE-119
critical
9.8
2017-08-31 CVE-2017-14062 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
gnu debian CWE-190
critical
9.8
2017-08-29 CVE-2017-12865 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
network
low complexity
intel debian CWE-119
critical
9.8