Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-06-19 CVE-2017-1000369 Improper Resource Shutdown or Release vulnerability in multiple products
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution.
local
low complexity
exim debian CWE-404
4.0
2017-06-16 CVE-2017-9503 NULL Pointer Dereference vulnerability in multiple products
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
local
low complexity
qemu debian CWE-476
5.5
2017-06-16 CVE-2017-9375 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
local
low complexity
qemu debian CWE-835
5.5
2017-06-16 CVE-2017-9373 Memory Leak vulnerability in multiple products
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
local
low complexity
qemu debian CWE-401
5.5
2017-06-13 CVE-2017-4967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
2017-06-13 CVE-2017-4965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software vmware debian CWE-79
6.1
2017-06-09 CVE-2017-9525 Link Following vulnerability in multiple products
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
local
low complexity
cron-project debian CWE-59
6.7
2017-06-08 CVE-2017-9330 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
local
high complexity
qemu debian CWE-835
5.6
2017-06-08 CVE-2017-9310 Infinite Loop vulnerability in multiple products
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
local
high complexity
qemu debian CWE-835
5.6
2017-06-06 CVE-2017-9461 Infinite Loop vulnerability in multiple products
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
network
low complexity
samba redhat debian CWE-835
6.5