Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-03 | CVE-2017-13704 | Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. | 7.5 |
| 2017-10-02 | CVE-2017-14977 | NULL Pointer Dereference vulnerability in multiple products The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | 7.5 |
| 2017-10-02 | CVE-2017-14976 | Out-of-bounds Read vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | 7.5 |
| 2017-10-02 | CVE-2017-14975 | NULL Pointer Dereference vulnerability in multiple products The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | 7.5 |
| 2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |
| 2017-09-21 | CVE-2017-14160 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | 8.8 |
| 2017-09-21 | CVE-2017-14246 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-21 | CVE-2017-14245 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-20 | CVE-2015-5395 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 8.8 |
| 2017-09-20 | CVE-2017-14607 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. | 8.1 |