Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-29 | CVE-2017-14867 | OS Command Injection vulnerability in multiple products Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. | 8.8 |
2017-09-28 | CVE-2015-1336 | Improper Access Control vulnerability in Man-Db Project Man-Db The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | 7.2 |
2017-09-26 | CVE-2014-8156 | Permissions, Privileges, and Access Controls vulnerability in multiple products The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. local low complexity fso-frameworkd-project fso-gsmd-project fso-usaged-project phonefsod-project debian CWE-264 | 7.2 |
2017-09-21 | CVE-2017-14632 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | 7.5 |
2017-09-20 | CVE-2015-5395 | Cross-Site Request Forgery (CSRF) vulnerability in Debian Linux 7.0/8.0/9.0 Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 8.8 |
2017-09-19 | CVE-2015-1854 | Improper Access Control vulnerability in multiple products 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 7.5 |
2017-09-18 | CVE-2017-9798 | Use After Free vulnerability in multiple products Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. | 7.5 |
2017-09-15 | CVE-2017-14497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 7.8 |
2017-09-14 | CVE-2017-13725 | Out-of-bounds Read vulnerability in multiple products The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | 7.5 |
2017-09-14 | CVE-2017-13687 | Out-of-bounds Read vulnerability in multiple products The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | 7.5 |