Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-26 CVE-2017-8283 Path Traversal vulnerability in Debian Dpkg
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
network
low complexity
debian CWE-22
critical
9.8
2017-04-24 CVE-2017-8105 Out-of-bounds Write vulnerability in multiple products
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
network
low complexity
freetype debian CWE-787
critical
9.8
2017-04-14 CVE-2017-7865 Out-of-bounds Write vulnerability in multiple products
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.
network
low complexity
ffmpeg debian CWE-787
critical
9.8
2017-04-14 CVE-2017-7863 Out-of-bounds Write vulnerability in multiple products
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.
network
low complexity
ffmpeg debian CWE-787
critical
9.8
2017-04-13 CVE-2015-6674 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid.
network
low complexity
inspircd debian CWE-119
critical
9.8
2017-04-11 CVE-2016-1908 Improper Authentication vulnerability in multiple products
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.
network
low complexity
openbsd debian oracle redhat CWE-287
critical
9.8
2017-04-06 CVE-2016-8735 Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports.
network
low complexity
apache canonical netapp debian redhat oracle
critical
9.8
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
critical
9.8
2017-03-24 CVE-2017-5511 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
network
low complexity
imagemagick debian CWE-119
critical
9.8
2017-03-23 CVE-2017-5897 Out-of-bounds Read vulnerability in multiple products
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
network
low complexity
linux canonical debian CWE-125
critical
9.8