Vulnerabilities > Debian > High

Date: 2017-12-01
CVE: CVE-2017-17084
Title: Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Description: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash.
Attack vector: network
Attack complexity: low
Vendors: wireshark, debian
CWE: CWE-754
Risk: 7.5

Date: 2017-12-01
CVE: CVE-2017-17083
Title: Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
Description: In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash.
Attack vector: network
Attack complexity: low
Vendors: wireshark, debian
CWE: CWE-754
Risk: 7.5

Date: 2017-11-29
CVE: CVE-2017-8817
Title: Out-of-bounds Read vulnerability in multiple products
Description: The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
Attack vector: network
Attack complexity: low
Vendors: haxx, debian
CWE: CWE-125
Risk: 7.5

Date: 2017-11-29
CVE: CVE-2017-8816
Title: Integer Overflow or Wraparound vulnerability in multiple products
Description: The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
Attack vector: network
Attack complexity: low
Vendors: haxx, debian
CWE: CWE-190
Risk: 7.5

Date: 2017-11-27
CVE: CVE-2017-14746
Title: Use After Free vulnerability in multiple products
Description: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Attack vector: network
Attack complexity: low
Vendors: samba, redhat, debian, canonical
CWE: CWE-416
Risk: 7.5

Date: 2017-11-25
CVE: CVE-2017-16943
Title: Use After Free vulnerability in multiple products
Description: The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Attack vector: network
Attack complexity: low
Vendors: exim, debian
CWE: CWE-416
Risk: 7.5

Date: 2017-11-24
CVE: CVE-2017-16939
Title: Use After Free vulnerability in multiple products
Description: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
Attack vector: local
Attack complexity: low
Vendors: linux, debian
CWE: CWE-416
Risk: 7.8

Date: 2017-11-23
CVE: CVE-2017-16927
Title: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Description: The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.
Attack vector: local
Attack complexity: low
Vendors: neutrinolabs, debian
CWE: CWE-119
Risk: 8.4

Date: 2017-11-21
CVE: CVE-2017-16613
Title: Improper Authentication vulnerability in multiple products
Description: An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1.
Attack vector: network
Attack complexity: low
Vendors: openstack, debian
CWE: CWE-287
Risk: 7.5

Date: 2017-11-20
CVE: CVE-2017-16544
Title: Code Injection vulnerability in multiple products
Description: In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal.
Attack vector: network
Attack complexity: low
Vendors: busybox, debian, vmware, redlion, canonical
CWE: CWE-94
Risk: 8.8