Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-30 | CVE-2017-13777 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 7.1 |
| 2017-08-30 | CVE-2017-13776 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 7.1 |
| 2017-08-30 | CVE-2017-13765 | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. | 7.5 |
| 2017-08-29 | CVE-2017-0379 | Information Exposure vulnerability in multiple products Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | 7.5 |
| 2017-08-29 | CVE-2017-12865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | 7.5 |
| 2017-08-29 | CVE-2017-13748 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | 7.5 |
| 2017-08-24 | CVE-2017-12137 | Classic Buffer Overflow vulnerability in multiple products arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | 7.2 |
| 2017-08-23 | CVE-2017-12904 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in multiple products Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. | 8.8 |
| 2017-08-23 | CVE-2017-11610 | Incorrect Default Permissions vulnerability in multiple products The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | 8.8 |
| 2017-08-19 | CVE-2017-10661 | Use After Free vulnerability in multiple products Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 7.0 |