Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2017-8379 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | 6.5 |
| 2017-05-22 | CVE-2017-9144 | Improper Input Validation vulnerability in multiple products In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | 6.5 |
| 2017-05-22 | CVE-2017-9143 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | 6.5 |
| 2017-05-22 | CVE-2017-9142 | Reachable Assertion vulnerability in multiple products In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | 6.5 |
| 2017-05-22 | CVE-2017-9141 | Reachable Assertion vulnerability in multiple products In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | 6.5 |
| 2017-05-19 | CVE-2017-9079 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. | 4.7 |
| 2017-05-18 | CVE-2017-9063 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | 6.1 |
| 2017-05-18 | CVE-2017-9061 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | 6.1 |
| 2017-05-12 | CVE-2017-8925 | Improper Resource Shutdown or Release vulnerability in multiple products The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | 5.5 |
| 2017-05-12 | CVE-2017-8924 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. | 4.6 |