Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2015-6674 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid.
network
low complexity
inspircd debian CWE-119
7.5
2017-04-12 CVE-2017-7747 Improper Input Validation vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-20
7.5
2017-04-12 CVE-2017-7746 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-835
7.5
2017-04-12 CVE-2017-7703 Injection vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark debian CWE-74
7.5
2017-04-11 CVE-2015-8666 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
local
low complexity
qemu debian CWE-787
7.9
2017-04-11 CVE-2016-4483 Deserialization of Untrusted Data vulnerability in multiple products
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization.
network
low complexity
xmlsoft debian oracle CWE-502
7.5
2017-03-31 CVE-2014-5008 Command Injection vulnerability in multiple products
Snoopy allows remote attackers to execute arbitrary commands.
network
low complexity
snoopy redhat debian CWE-77
7.5
2017-03-28 CVE-2017-6964 Unchecked Return Value vulnerability in multiple products
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root.
local
low complexity
canonical debian CWE-252
7.8
2017-03-24 CVE-2017-5510 Out-of-bounds Write vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
local
low complexity
imagemagick debian CWE-787
7.8
2017-03-24 CVE-2017-5507 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
network
low complexity
imagemagick debian CWE-772
7.8