Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-13756 | Infinite Loop vulnerability in multiple products In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | 5.5 |
| 2017-08-29 | CVE-2017-13755 | Out-of-bounds Read vulnerability in multiple products In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | 5.5 |
| 2017-08-29 | CVE-2017-13737 | Use After Free vulnerability in multiple products There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 6.5 |
| 2017-08-28 | CVE-2017-3735 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. | 5.3 |
| 2017-08-28 | CVE-2017-12877 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-08-24 | CVE-2017-11424 | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. | 5.0 |
| 2017-08-24 | CVE-2017-12836 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | 5.1 |
| 2017-08-24 | CVE-2017-12136 | Race Condition vulnerability in multiple products Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | 6.9 |
| 2017-08-24 | CVE-2017-12135 | Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 4.6 |
| 2017-08-22 | CVE-2017-5208 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | 6.8 |