Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-05-25 CVE-2015-5211 Files or Directories Accessible to External Parties vulnerability in multiple products
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack.
network
low complexity
vmware debian CWE-552
critical
9.6
2017-05-23 CVE-2017-9214 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
network
low complexity
openvswitch debian redhat CWE-191
critical
9.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
9.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8
2017-05-23 CVE-2016-5178 Improper Input Validation vulnerability in multiple products
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google opensuse debian redhat fedoraproject CWE-20
critical
9.8
2017-05-22 CVE-2017-2520 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple debian CWE-787
critical
9.8
2017-05-22 CVE-2017-2519 An issue was discovered in certain Apple products.
network
low complexity
apple debian
critical
9.8
2017-05-22 CVE-2017-2518 Use After Free vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple debian CWE-416
critical
9.8
2017-05-02 CVE-2016-10243 Improper Input Validation vulnerability in multiple products
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
network
low complexity
debian fedoraproject tug CWE-20
critical
9.8
2017-04-28 CVE-2017-7895 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian CWE-119
critical
9.8