Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-11 CVE-2017-17503 Out-of-bounds Read vulnerability in multiple products
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17502 Out-of-bounds Read vulnerability in multiple products
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17501 Out-of-bounds Read vulnerability in multiple products
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-11 CVE-2017-17500 Out-of-bounds Read vulnerability in multiple products
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-12-08 CVE-2017-16921 OS Command Injection vulnerability in multiple products
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
network
low complexity
otrs debian CWE-78
8.8
2017-12-07 CVE-2017-1000410 Information Exposure vulnerability in multiple products
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages.
network
low complexity
linux debian redhat CWE-200
7.5
2017-12-06 CVE-2017-17439 NULL Pointer Dereference vulnerability in multiple products
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm.
network
low complexity
debian heimdal-project CWE-476
7.5
2017-12-06 CVE-2017-17432 Reachable Assertion vulnerability in multiple products
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
network
low complexity
openafs debian CWE-617
7.5
2017-12-05 CVE-2017-15868 Improper Input Validation vulnerability in multiple products
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
local
low complexity
linux canonical debian CWE-20
7.8
2017-12-05 CVE-2016-1255 Link Following vulnerability in Debian Postgresql-Common
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
local
low complexity
debian CWE-59
7.8