Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-1000445 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service | 6.5 |
| 2017-12-31 | CVE-2017-18005 | NULL Pointer Dereference vulnerability in multiple products Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file. | 5.5 |
| 2017-12-29 | CVE-2017-17760 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. | 6.5 |
| 2017-12-27 | CVE-2017-17914 | Excessive Iteration vulnerability in multiple products In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. | 6.5 |
| 2017-12-27 | CVE-2017-17862 | Improper Input Validation vulnerability in multiple products kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. | 5.5 |
| 2017-12-27 | CVE-2017-17844 | Cleartext Transmission of Sensitive Information vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 6.5 |
| 2017-12-27 | CVE-2017-17843 | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. | 5.9 |
| 2017-12-20 | CVE-2017-17788 | Out-of-bounds Read vulnerability in multiple products In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | 5.5 |
| 2017-12-18 | CVE-2017-17741 | Out-of-bounds Read vulnerability in multiple products The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | 6.5 |
| 2017-12-14 | CVE-2017-16355 | Information Exposure vulnerability in multiple products In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 4.7 |