Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10089 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10087 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10086 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
low complexity
oracle debian netapp
critical
9.6
2017-08-07 CVE-2015-7871 Improper Authentication vulnerability in multiple products
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
network
low complexity
ntp debian netapp CWE-287
critical
9.8
2017-08-05 CVE-2017-12562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
libsndfile-project debian CWE-119
critical
9.8
2017-08-04 CVE-2017-12424 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors.
network
low complexity
shadow-project debian CWE-119
critical
9.8
2017-07-13 CVE-2017-9788 Improper Input Validation vulnerability in multiple products
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest.
network
low complexity
apache debian apple netapp redhat oracle CWE-20
critical
9.1
2017-07-10 CVE-2017-11139 Double Free vulnerability in multiple products
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
network
low complexity
graphicsmagick debian CWE-415
critical
9.8
2017-07-06 CVE-2016-4000 Deserialization of Untrusted Data vulnerability in multiple products
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
network
low complexity
jython-project debian CWE-502
critical
9.8
2017-06-29 CVE-2017-10672 Use After Free vulnerability in multiple products
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.
network
low complexity
xml-libxml-project debian CWE-416
critical
9.8