Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-06 CVE-2018-5208 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings.
network
low complexity
irssi debian CWE-119
7.5
2018-01-06 CVE-2018-5206 NULL Pointer Dereference vulnerability in multiple products
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
network
low complexity
irssi debian CWE-476
7.5
2018-01-03 CVE-2017-1000476 Resource Exhaustion vulnerability in multiple products
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
7.1
2018-01-03 CVE-2017-1000501 Path Traversal vulnerability in multiple products
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
network
low complexity
awstats debian CWE-22
7.5
2017-12-30 CVE-2017-17997 NULL Pointer Dereference vulnerability in multiple products
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes.
network
low complexity
wireshark debian CWE-476
7.5
2017-12-29 CVE-2014-4914 SQL Injection vulnerability in multiple products
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
network
low complexity
zend debian CWE-89
7.5
2017-12-27 CVE-2017-17935 Out-of-bounds Read vulnerability in multiple products
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
network
low complexity
wireshark debian CWE-125
7.5
2017-12-27 CVE-2017-17914 Excessive Iteration vulnerability in multiple products
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
7.1
2017-12-27 CVE-2017-17863 Integer Overflow or Wraparound vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
local
low complexity
linux debian CWE-190
7.2
2017-12-27 CVE-2017-17857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.
local
low complexity
linux debian CWE-119
7.8