DATE CVE VULNERABILITY TITLE RISK
2017-09-28 CVE-2015-1336 Improper Access Control vulnerability in Man-Db Project Man-Db
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
local
low complexity
man-db-project canonical debian CWE-284
7.2
2017-09-26 CVE-2014-8156 Permissions, Privileges, and Access Controls vulnerability in multiple products
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
7.2
2017-09-21 CVE-2017-14632 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
network
low complexity
xiph-org debian canonical CWE-119
7.5
2017-09-20 CVE-2015-5395 Cross-Site Request Forgery (CSRF) vulnerability in Debian Linux 7.0/8.0/9.0
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
network
low complexity
debian CWE-352
8.8
2017-09-19 CVE-2015-1854 Improper Access Control vulnerability in multiple products
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
network
low complexity
fedoraproject debian CWE-284
7.5
2017-09-18 CVE-2017-9798 Use After Free vulnerability in multiple products
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
network
low complexity
apache debian CWE-416
7.5
2017-09-15 CVE-2017-14497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux debian CWE-119
7.8
2017-09-14 CVE-2017-13725 Out-of-bounds Read vulnerability in multiple products
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
network
low complexity
tcpdump debian CWE-125
7.5
2017-09-14 CVE-2017-13687 Out-of-bounds Read vulnerability in multiple products
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
network
low complexity
tcpdump debian CWE-125
7.5
2017-09-14 CVE-2017-13028 Out-of-bounds Read vulnerability in multiple products
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
network
low complexity
tcpdump debian CWE-125
7.5