Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-12 | CVE-2017-9324 | Improper Privilege Management vulnerability in multiple products In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. | 6.5 |
2017-06-11 | CVE-2017-9527 | Use After Free vulnerability in multiple products The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file. | 6.8 |
2017-06-09 | CVE-2017-0376 | Reachable Assertion vulnerability in multiple products The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | 5.0 |
2017-06-09 | CVE-2017-9525 | Link Following vulnerability in multiple products In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. | 6.9 |
2017-06-08 | CVE-2017-9330 | Infinite Loop vulnerability in multiple products QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | 5.6 |
2017-06-08 | CVE-2017-9310 | Infinite Loop vulnerability in multiple products QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | 5.6 |
2017-06-07 | CVE-2017-9469 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. | 5.0 |
2017-06-07 | CVE-2017-9468 | NULL Pointer Dereference vulnerability in multiple products In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. | 5.0 |
2017-06-06 | CVE-2017-9461 | Infinite Loop vulnerability in multiple products smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 6.5 |
2017-06-06 | CVE-2015-1207 | Double Free vulnerability in multiple products Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | 6.5 |