Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-11 CVE-2017-17502 Out-of-bounds Read vulnerability in multiple products
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17501 Out-of-bounds Read vulnerability in multiple products
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17500 Out-of-bounds Read vulnerability in multiple products
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17499 Use After Free vulnerability in multiple products
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
network
low complexity
imagemagick canonical debian CWE-416
7.5
2017-12-08 CVE-2017-17480 Out-of-bounds Write vulnerability in multiple products
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c.
network
low complexity
uclouvain debian canonical CWE-787
7.5
2017-12-06 CVE-2017-17432 Reachable Assertion vulnerability in multiple products
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
network
low complexity
openafs debian CWE-617
7.8
2017-12-05 CVE-2017-15868 Improper Input Validation vulnerability in multiple products
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
local
low complexity
linux canonical debian CWE-20
7.8
2017-12-05 CVE-2016-1255 Link Following vulnerability in Debian Postgresql-Common
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
local
low complexity
debian canonical CWE-59
7.2
2017-12-05 CVE-2016-1254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5
2017-12-01 CVE-2017-17085 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash.
network
low complexity
wireshark debian CWE-754
7.5