Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-12 | CVE-2017-6817 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | 5.4 |
| 2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 4.9 |
| 2017-03-12 | CVE-2017-6815 | Improper Input Validation vulnerability in multiple products In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | 6.1 |
| 2017-03-12 | CVE-2017-6814 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. | 5.4 |
| 2017-03-10 | CVE-2017-6314 | Infinite Loop vulnerability in multiple products The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | 5.5 |
| 2017-03-10 | CVE-2017-6312 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | 5.5 |
| 2017-03-07 | CVE-2016-5315 | Out-of-bounds Read vulnerability in multiple products The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | 5.5 |
| 2017-03-07 | CVE-2013-5653 | Information Exposure vulnerability in multiple products The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | 5.5 |
| 2017-03-06 | CVE-2017-6500 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in ImageMagick 6.9.7. | 5.5 |
| 2017-03-06 | CVE-2017-6499 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products An issue was discovered in Magick++ in ImageMagick 6.9.7. | 5.5 |