Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-29 CVE-2017-18078 Link Following vulnerability in multiple products
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
local
low complexity
systemd-project debian opensuse CWE-59
7.8
2018-01-26 CVE-2017-12380 NULL Pointer Dereference vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-476
7.8
2018-01-26 CVE-2017-12378 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
7.1
2018-01-26 CVE-2017-12375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-119
7.8
2018-01-26 CVE-2017-12374 Use After Free vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-416
7.8
2018-01-24 CVE-2017-12187 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
2018-01-24 CVE-2017-12186 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
2018-01-24 CVE-2017-12185 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
2018-01-24 CVE-2017-12184 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5
2018-01-24 CVE-2017-12183 Improper Input Validation vulnerability in multiple products
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
network
low complexity
debian x-org CWE-20
7.5