Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-03 CVE-2017-14990 Cleartext Storage of Sensitive Information vulnerability in multiple products
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
network
low complexity
wordpress debian CWE-312
6.5
2017-10-03 CVE-2017-14494 Information Exposure vulnerability in multiple products
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
network
high complexity
redhat debian novell canonical thekelleys CWE-200
5.9
2017-09-30 CVE-2017-14928 NULL Pointer Dereference vulnerability in multiple products
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
local
low complexity
freedesktop debian CWE-476
5.5
2017-09-30 CVE-2017-14926 NULL Pointer Dereference vulnerability in multiple products
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
local
low complexity
freedesktop debian CWE-476
5.5
2017-09-29 CVE-2017-14864 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-29 CVE-2017-14862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-29 CVE-2017-14859 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26.
local
low complexity
exiv2 canonical debian CWE-119
5.5
2017-09-26 CVE-2017-14737
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD.
local
low complexity
botan-project debian
5.5
2017-09-25 CVE-2017-14733 Out-of-bounds Read vulnerability in multiple products
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
6.5
2017-09-25 CVE-2015-6748 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
network
low complexity
jsoup debian CWE-79
6.1