Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-08 | CVE-2017-10086 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 9.6 |
2017-08-07 | CVE-2015-7871 | Improper Authentication vulnerability in multiple products. Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | 9.8 |
2017-08-05 | CVE-2017-12562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 9.8 |
2017-08-04 | CVE-2017-12424 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. | 9.8 |
2017-07-13 | CVE-2017-9788 | Improper Input Validation vulnerability in multiple products. In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. | 9.1 |
2017-07-10 | CVE-2017-11139 | Double Free vulnerability in multiple products. GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | 9.8 |
2017-07-06 | CVE-2016-4000 | Deserialization of Untrusted Data vulnerability in multiple products. Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. | 9.8 |
2017-06-29 | CVE-2017-10672 | Use After Free vulnerability in multiple products. Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | 9.8 |
2017-06-20 | CVE-2017-3167 | Improper Authentication vulnerability in multiple products. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | 9.8 |
2017-05-30 | CVE-2017-7494 | Code Injection vulnerability in multiple products. Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | 9.8 |