Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-20 CVE-2017-12607 Out-of-bounds Write vulnerability in multiple products
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
local
low complexity
apache debian CWE-787
7.8
2017-11-20 CVE-2017-16899 Improper Validation of Array Index vulnerability in multiple products
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
local
low complexity
xfig-project debian CWE-129
7.1
2017-11-20 CVE-2017-16544 Code Injection vulnerability in multiple products
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal.
network
low complexity
busybox debian vmware redlion canonical CWE-94
8.8
2017-11-17 CVE-2017-1000229 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
local
low complexity
optipng-project debian CWE-190
7.8
2017-11-16 CVE-2017-16853 Improper Verification of Cryptographic Signature vulnerability in multiple products
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
network
high complexity
shibboleth debian CWE-347
8.1
2017-11-16 CVE-2017-16852 Improper Verification of Cryptographic Signature vulnerability in multiple products
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
network
high complexity
shibboleth debian CWE-347
8.1
2017-11-16 CVE-2017-15864 In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
network
low complexity
otrs debian
8.8
2017-11-15 CVE-2017-15115 Use After Free vulnerability in multiple products
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux debian suse canonical CWE-416
7.8
2017-11-15 CVE-2017-15923 Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
network
low complexity
konversation debian
7.5
2017-11-15 CVE-2017-8815 Improper Input Validation vulnerability in multiple products
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
network
low complexity
mediawiki debian CWE-20
7.5