Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-06-20 CVE-2017-3167 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
network
low complexity
apache netapp redhat apple debian oracle CWE-287
critical
9.8
2017-05-30 CVE-2017-7494 Code Injection vulnerability in multiple products
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
network
low complexity
samba debian CWE-94
critical
9.8
2017-05-25 CVE-2015-5211 Files or Directories Accessible to External Parties vulnerability in multiple products
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack.
network
low complexity
vmware debian CWE-552
critical
9.6
2017-05-23 CVE-2017-9214 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
network
low complexity
openvswitch debian redhat CWE-191
critical
9.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
9.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8
2017-05-23 CVE-2016-5178 Improper Input Validation vulnerability in multiple products
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google opensuse debian redhat fedoraproject CWE-20
critical
9.8
2017-05-22 CVE-2017-2520 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple debian CWE-787
critical
9.8
2017-05-22 CVE-2017-2519 An issue was discovered in certain Apple products.
network
low complexity
apple debian
critical
9.8
2017-05-22 CVE-2017-2518 Use After Free vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple debian CWE-416
critical
9.8