Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-11 CVE-2017-0903 Deserialization of Untrusted Data vulnerability in multiple products
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability.
network
low complexity
rubygems debian canonical redhat CWE-502
7.5
2017-10-11 CVE-2017-15238 Use After Free vulnerability in multiple products
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
network
low complexity
graphicsmagick debian CWE-416
8.8
2017-10-10 CVE-2017-15191 Use of Externally-Controlled Format String vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash.
network
low complexity
wireshark debian CWE-134
7.5
2017-10-10 CVE-2017-5637 Missing Authentication for Critical Function vulnerability in multiple products
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.
network
low complexity
apache debian CWE-306
7.5
2017-10-05 CVE-2017-15041 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution.
network
low complexity
golang debian redhat
7.5
2017-10-05 CVE-2017-1000111 Out-of-bounds Write vulnerability in multiple products
Linux kernel: heap out-of-bounds in AF_PACKET sockets.
local
low complexity
linux redhat debian CWE-787
7.8
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
2017-10-03 CVE-2017-14496 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
7.5
2017-10-03 CVE-2017-14495 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
network
low complexity
redhat debian canonical thekelleys CWE-772
7.5
2017-10-03 CVE-2017-13704 Improper Input Validation vulnerability in multiple products
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.
7.5