Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-24 CVE-2017-6300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-119
7.8
2017-02-24 CVE-2017-6298 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-476
7.8
2017-02-22 CVE-2016-1245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.
network
low complexity
quagga debian CWE-119
7.5
2017-02-22 CVE-2016-9956 Improper Access Control vulnerability in multiple products
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
network
low complexity
debian fedoraproject flightgear CWE-284
7.5
2017-02-18 CVE-2017-6074 Double Free vulnerability in multiple products
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
local
low complexity
linux debian CWE-415
7.8
2017-02-17 CVE-2017-6056 Infinite Loop vulnerability in multiple products
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
network
low complexity
canonical debian CWE-835
7.5
2017-02-17 CVE-2017-6014 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion.
network
low complexity
wireshark debian CWE-835
7.8
2017-02-15 CVE-2017-5991 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465.
network
low complexity
artifex debian CWE-476
7.5
2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network
low complexity
busybox debian canonical CWE-119
7.5
2017-02-06 CVE-2016-7448 Resource Management Errors vulnerability in multiple products
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
network
low complexity
graphicsmagick debian opensuse CWE-399
7.8