Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-19 CVE-2017-1000376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack.
local
high complexity
redhat debian libffi-project oracle CWE-119
7.0
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.2
2017-06-16 CVE-2017-9735 Information Exposure Through Discrepancy vulnerability in multiple products
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
network
low complexity
eclipse debian oracle CWE-203
7.5
2017-06-08 CVE-2017-9022 Improper Input Validation vulnerability in multiple products
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-20
7.5
2017-06-02 CVE-2017-9349 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
2017-06-02 CVE-2017-9344 Divide By Zero vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero.
network
low complexity
wireshark debian CWE-369
7.5
2017-06-01 CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
network
low complexity
git opensuse debian canonical fedoraproject
8.8
2017-05-23 CVE-2017-9214 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
network
low complexity
openvswitch debian redhat CWE-191
7.5
2017-05-23 CVE-2017-8309 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
network
low complexity
qemu debian redhat CWE-772
7.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 8.8