Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
 9.8
9.8
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
critical
 9.8
9.8
2017-03-28 CVE-2017-6964 Unchecked Return Value vulnerability in multiple products
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root.
local
low complexity
canonical debian CWE-252
7.8
7.8
2017-03-27 CVE-2017-5973 Infinite Loop vulnerability in multiple products
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
local
low complexity
qemu debian redhat CWE-835
5.5
5.5
2017-03-24 CVE-2017-5511 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
network
low complexity
imagemagick debian CWE-119
critical
 9.8
9.8
2017-03-24 CVE-2017-5510 Out-of-bounds Write vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
local
low complexity
imagemagick debian CWE-787
7.8
7.8
2017-03-24 CVE-2017-5507 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
network
low complexity
imagemagick debian CWE-772
7.5
7.5
2017-03-24 CVE-2017-5506 Double Free vulnerability in multiple products
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
local
low complexity
imagemagick debian CWE-415
7.8
7.8
2017-03-24 CVE-2016-10149 XXE vulnerability in multiple products
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
network
low complexity
pysaml2-project debian CWE-611
7.5
7.5
2017-03-23 CVE-2016-9556 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. 		5.5
5.5