Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-09-14 CVE-2017-12896 Out-of-bounds Read vulnerability in multiple products
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
network
low complexity
tcpdump redhat debian CWE-125
critical
9.8
2017-09-03 CVE-2017-14122 Out-of-bounds Read vulnerability in multiple products
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
network
low complexity
rarlab debian CWE-125
critical
9.1
2017-09-01 CVE-2017-12873 Session Fixation vulnerability in multiple products
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
network
low complexity
simplesamlphp debian CWE-384
critical
9.8
2017-08-31 CVE-2017-0899 Code Injection vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.
network
low complexity
rubygems debian redhat CWE-94
critical
9.8
2017-08-31 CVE-2017-14064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
network
low complexity
ruby-lang debian canonical redhat CWE-119
critical
9.8
2017-08-31 CVE-2017-14062 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
network
low complexity
gnu debian CWE-190
critical
9.8
2017-08-29 CVE-2017-12865 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
network
low complexity
intel debian CWE-119
critical
9.8
2017-08-28 CVE-2014-9513 Improper Access Control vulnerability in Debian Xbindkeys-Config 0.1.32
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
network
low complexity
debian CWE-284
critical
9.8
2017-08-23 CVE-2017-13139 Out-of-bounds Read vulnerability in multiple products
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
network
low complexity
imagemagick debian canonical CWE-125
critical
9.8
2017-08-16 CVE-2017-7546 Improper Authentication vulnerability in multiple products
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
network
low complexity
postgresql debian CWE-287
critical
9.8