Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10086 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
low complexity
oracle debian netapp
critical
9.6
2017-08-07 CVE-2015-7871 Improper Authentication vulnerability in multiple products
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
network
low complexity
ntp debian netapp CWE-287
critical
9.8
2017-08-05 CVE-2017-12562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
libsndfile-project debian CWE-119
critical
9.8
2017-08-04 CVE-2017-12424 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors.
network
low complexity
shadow-project debian CWE-119
critical
9.8
2017-07-13 CVE-2017-9788 Improper Input Validation vulnerability in multiple products
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest.
network
low complexity
apache debian apple netapp redhat oracle CWE-20
critical
9.1
2017-07-10 CVE-2017-11139 Double Free vulnerability in multiple products
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
network
low complexity
graphicsmagick debian CWE-415
critical
9.8
2017-07-06 CVE-2016-4000 Deserialization of Untrusted Data vulnerability in multiple products
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
network
low complexity
jython-project debian CWE-502
critical
9.8
2017-06-29 CVE-2017-10672 Use After Free vulnerability in multiple products
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.
network
low complexity
xml-libxml-project debian CWE-416
critical
9.8
2017-06-20 CVE-2017-3167 Improper Authentication vulnerability in multiple products
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
network
low complexity
apache netapp redhat apple debian oracle CWE-287
critical
9.8
2017-05-30 CVE-2017-7494 Code Injection vulnerability in multiple products
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
network
low complexity
samba debian CWE-94
critical
9.8