Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-15 | CVE-2017-6060 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. | 6.8 |
2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 4.3 |
2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in Wordpress In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 5.5 |
2017-03-12 | CVE-2017-6815 | Improper Input Validation vulnerability in Wordpress In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | 5.8 |
2017-03-10 | CVE-2017-6314 | Infinite Loop vulnerability in multiple products The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | 5.5 |
2017-03-10 | CVE-2017-6312 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | 5.5 |
2017-03-07 | CVE-2016-6255 | Improper Access Control vulnerability in multiple products Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | 5.0 |
2017-03-07 | CVE-2016-5315 | Out-of-bounds Read vulnerability in multiple products The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | 4.3 |
2017-03-07 | CVE-2013-5653 | Information Exposure vulnerability in multiple products The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | 4.3 |
2017-03-06 | CVE-2016-10244 | Out-of-bounds Read vulnerability in multiple products The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | 6.8 |