Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-05 CVE-2016-1254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5
2017-12-03 CVE-2017-8823 Use After Free vulnerability in multiple products
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.
network
high complexity
tor-project debian CWE-416
8.1
2017-12-03 CVE-2017-8821 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.
network
low complexity
tor-project debian CWE-119
7.5
2017-12-03 CVE-2017-8820 NULL Pointer Dereference vulnerability in multiple products
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
network
low complexity
tor-project debian CWE-476
7.5
2017-12-03 CVE-2017-8819 In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009.
network
low complexity
tor-project debian
7.5
2017-12-01 CVE-2017-16612 Integer Overflow or Wraparound vulnerability in multiple products
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.
network
low complexity
debian canonical x CWE-190
7.5
2017-12-01 CVE-2017-17085 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash.
network
low complexity
wireshark debian CWE-754
7.5
2017-12-01 CVE-2017-17084 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash.
network
low complexity
wireshark debian CWE-754
7.5
2017-12-01 CVE-2017-17083 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash.
network
low complexity
wireshark debian CWE-754
7.5
2017-11-27 CVE-2017-15275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
network
low complexity
samba redhat debian canonical CWE-119
7.5