Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-31 | CVE-2017-14062 | Integer Overflow or Wraparound vulnerability in multiple products | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 7.5 |
2017-08-30 | CVE-2017-13777 | Excessive Iteration vulnerability in multiple products | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 7.1 |
2017-08-30 | CVE-2017-13776 | Excessive Iteration vulnerability in multiple products | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 7.1 |
2017-08-30 | CVE-2017-13765 | Out-of-bounds Read vulnerability in multiple products | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. | 7.5 |
2017-08-29 | CVE-2017-0379 | Information Exposure vulnerability in multiple products | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | 7.5 |
2017-08-29 | CVE-2017-12865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | 7.5 |
2017-08-29 | CVE-2017-13748 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | 7.5 |
2017-08-28 | CVE-2014-9513 | Improper Access Control vulnerability in Debian Xbindkeys-Config 0.1.32 | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | 7.5 |
2017-08-24 | CVE-2017-12137 | Classic Buffer Overflow vulnerability in multiple products | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | 7.2 |
2017-08-23 | CVE-2017-12904 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in multiple products | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. | 8.8 |