Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-31 | CVE-2017-0901 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 6.4 |
| 2017-08-31 | CVE-2017-0900 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | 5.0 |
| 2017-08-31 | CVE-2016-10510 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. | 4.3 |
| 2017-08-30 | CVE-2017-14041 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. | 6.8 |
| 2017-08-30 | CVE-2017-14040 | Out-of-bounds Write vulnerability in multiple products An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. | 6.8 |
| 2017-08-30 | CVE-2017-14039 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. | 6.8 |
| 2017-08-30 | CVE-2017-13775 | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | 6.5 |
| 2017-08-30 | CVE-2017-13769 | Out-of-bounds Read vulnerability in multiple products The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 4.3 |
| 2017-08-30 | CVE-2017-13768 | NULL Pointer Dereference vulnerability in multiple products Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | 4.3 |
| 2017-08-29 | CVE-2017-13760 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | 5.5 |