Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-01 | CVE-2017-16352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. | 8.8 |
2017-10-31 | CVE-2017-1000256 | Improper Certificate Validation vulnerability in multiple products libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | 8.1 |
2017-10-29 | CVE-2017-16227 | Improper Input Validation vulnerability in multiple products The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | 7.5 |
2017-10-27 | CVE-2017-13090 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The retr.c:fd_read_body() function is called when processing OK responses. | 8.8 |
2017-10-27 | CVE-2017-13089 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. | 8.8 |
2017-10-27 | CVE-2017-15930 | NULL Pointer Dereference vulnerability in multiple products In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | 8.8 |
2017-10-27 | CVE-2017-15924 | OS Command Injection vulnerability in multiple products In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | 7.8 |
2017-10-27 | CVE-2017-5122 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | 8.8 |
2017-10-27 | CVE-2017-5121 | Improper Input Validation vulnerability in multiple products Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | 8.8 |
2017-10-27 | CVE-2017-5116 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 |