Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2017-12182 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12181 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12180 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12179 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12178 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12177 | Integer Overflow or Wraparound vulnerability in multiple products xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-24 | CVE-2017-12176 | Improper Input Validation vulnerability in multiple products xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | 7.5 |
| 2018-01-22 | CVE-2018-6003 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. | 7.5 |
| 2018-01-22 | CVE-2018-5968 | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. | 8.1 |
| 2018-01-21 | CVE-2016-10708 | NULL Pointer Dereference vulnerability in multiple products sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |