Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-17783 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
network
high complexity
graphicsmagick debian CWE-125
7.5
2017-12-20 CVE-2017-17782 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-15 CVE-2017-17670 Use After Free vulnerability in multiple products
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
network
low complexity
videolan debian CWE-416
8.8
2017-12-15 CVE-2017-17405 OS Command Injection vulnerability in multiple products
Ruby before 2.4.3 allows Net::FTP command injection.
network
low complexity
ruby-lang debian redhat CWE-78
8.8
2017-12-14 CVE-2017-17527 Injection vulnerability in multiple products
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
pasdoc-project debian CWE-74
8.8
2017-12-14 CVE-2017-17520 Injection vulnerability in Debian TIN 2.4.1
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
debian CWE-74
8.8
2017-12-14 CVE-2017-17515 Injection vulnerability in multiple products
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
ecmwf debian CWE-74
8.8
2017-12-14 CVE-2017-17514 Injection vulnerability in multiple products
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
network
low complexity
nip2-project debian CWE-74
8.8
2017-12-14 CVE-2017-17511 Injection vulnerability in multiple products
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.
network
low complexity
kildclient debian CWE-74
8.8
2017-12-11 CVE-2017-1000407 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
7.4