Vulnerabilities > Debian > Debian Linux > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-02 | CVE-2016-10243 | Improper Input Validation vulnerability in multiple products TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | 9.8 |
2017-04-28 | CVE-2017-7895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | 9.8 |
2017-04-24 | CVE-2017-8105 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | 9.8 |
2017-04-14 | CVE-2017-7865 | Out-of-bounds Write vulnerability in multiple products FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | 9.8 |
2017-04-14 | CVE-2017-7863 | Out-of-bounds Write vulnerability in multiple products FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | 9.8 |
2017-04-13 | CVE-2015-6674 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. | 9.8 |
2017-04-11 | CVE-2016-1908 | Improper Authentication vulnerability in multiple products The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | 9.8 |
2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
2017-03-31 | CVE-2014-5008 | Command Injection vulnerability in multiple products Snoopy allows remote attackers to execute arbitrary commands. | 9.8 |
2017-03-24 | CVE-2017-5511 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | 9.8 |