Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-11-21 CVE-2017-16613 Improper Authentication vulnerability in multiple products
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1.
network
low complexity
openstack debian CWE-287
critical
9.8
2017-11-21 CVE-2017-16840 Out-of-bounds Read vulnerability in multiple products
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
network
low complexity
ffmpeg debian CWE-125
critical
9.8
2017-11-17 CVE-2017-16845 Improper Input Validation vulnerability in multiple products
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
network
low complexity
qemu debian canonical CWE-20
critical
10.0
2017-11-17 CVE-2017-16872 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1.
network
low complexity
teluu debian CWE-119
critical
9.8
2017-11-17 CVE-2017-1000158 Integer Overflow or Wraparound vulnerability in multiple products
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
network
low complexity
python debian CWE-190
critical
9.8
2017-11-16 CVE-2017-8807 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.
network
low complexity
varnish-cache varnish-cache-project debian CWE-119
critical
9.1
2017-11-15 CVE-2017-8809 Injection vulnerability in multiple products
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
network
low complexity
mediawiki debian CWE-74
critical
9.8
2017-11-06 CVE-2017-16548 Out-of-bounds Read vulnerability in multiple products
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
network
low complexity
samba debian canonical CWE-125
critical
9.8
2017-10-31 CVE-2017-1000257 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An IMAP FETCH response line indicates the size of the returned data, in number of bytes.
network
low complexity
haxx debian CWE-119
critical
9.1
2017-10-19 CVE-2017-10346 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).
network
low complexity
oracle redhat netapp debian
critical
9.6