Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-29 | CVE-2017-14859 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. | 5.5 |
| 2017-09-26 | CVE-2017-14737 | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. | 5.5 |
| 2017-09-25 | CVE-2017-14733 | Out-of-bounds Read vulnerability in multiple products ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 6.5 |
| 2017-09-25 | CVE-2015-6748 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | 6.1 |
| 2017-09-21 | CVE-2017-12153 | NULL Pointer Dereference vulnerability in multiple products A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. | 4.4 |
| 2017-09-21 | CVE-2017-14634 | Divide By Zero vulnerability in multiple products In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | 6.5 |
| 2017-09-21 | CVE-2017-14633 | Out-of-bounds Read vulnerability in multiple products In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 6.5 |
| 2017-09-20 | CVE-2015-2927 | Resource Management Errors vulnerability in multiple products node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | 6.5 |
| 2017-09-20 | CVE-2017-14604 | Improper Input Validation vulnerability in multiple products GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. | 6.5 |
| 2017-09-18 | CVE-2017-14528 | Use After Free vulnerability in multiple products The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | 6.5 |