Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
2017-08-19 CVE-2017-10661 Use After Free vulnerability in multiple products
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
local
high complexity
linux redhat debian CWE-416
7.0
2017-08-18 CVE-2017-12937 Out-of-bounds Read vulnerability in multiple products
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-08-18 CVE-2017-12936 Use After Free vulnerability in multiple products
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
network
low complexity
graphicsmagick debian CWE-416
8.8
2017-08-18 CVE-2017-12935 Out-of-bounds Read vulnerability in multiple products
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-08-16 CVE-2017-7548 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
network
low complexity
postgresql debian
7.5
2017-08-16 CVE-2017-7546 Improper Authentication vulnerability in multiple products
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
network
low complexity
postgresql debian CWE-287
7.5
2017-08-11 CVE-2016-6796 A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
network
low complexity
apache debian netapp canonical oracle redhat
7.5
2017-08-10 CVE-2016-6797 Incorrect Authorization vulnerability in multiple products
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.
network
low complexity
apache oracle debian netapp canonical redhat CWE-863
7.5
2017-08-09 CVE-2015-3405 Insufficient Entropy vulnerability in multiple products
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
7.5