Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2017-02-18 CVE-2017-6074 Double Free vulnerability in multiple products
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
local
low complexity
linux debian CWE-415
7.8
7.8
2017-02-17 CVE-2017-6056 Infinite Loop vulnerability in multiple products
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
network
low complexity
canonical debian CWE-835
7.5
7.5
2017-02-17 CVE-2017-6014 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-02-17 CVE-2016-9955 Improper Input Validation vulnerability in multiple products
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
local
high complexity
simplesamlphp debian CWE-20
6.3
6.3
2017-02-16 CVE-2017-6011 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-125
5.5
5.5
2017-02-16 CVE-2017-6010 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-119
5.5
5.5
2017-02-16 CVE-2017-6009 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in icoutils 0.31.1.
local
low complexity
icoutils-project debian redhat CWE-119
5.5
5.5
2017-02-15 CVE-2016-8677 The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
network
low complexity
imagemagick opensuse debian
8.8
8.8
2017-02-15 CVE-2016-9560 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
jasper-project debian redhat CWE-787
7.8
7.8
2017-02-15 CVE-2016-8862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
network
low complexity
imagemagick debian CWE-119
8.8
8.8