Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-24 CVE-2017-12613 Out-of-bounds Read vulnerability in multiple products
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
local
low complexity
apache debian redhat CWE-125
7.1
2017-10-22 CVE-2017-15723 NULL Pointer Dereference vulnerability in multiple products
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
network
low complexity
irssi debian CWE-476
7.5
2017-10-22 CVE-2017-15721 NULL Pointer Dereference vulnerability in multiple products
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference.
network
low complexity
irssi debian CWE-476
7.5
2017-10-22 CVE-2015-5177 Double Free vulnerability in multiple products
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
network
low complexity
openslp debian CWE-415
7.5
2017-10-20 CVE-2013-6049 Improper Input Validation vulnerability in multiple products
apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.
local
low complexity
apt-listbugs-project debian CWE-20
7.8
2017-10-19 CVE-2017-10388 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
high complexity
oracle redhat netapp debian
7.5
2017-10-18 CVE-2017-15577 Information Exposure vulnerability in multiple products
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
network
low complexity
redmine debian CWE-200
7.5
2017-10-18 CVE-2017-15576 Information Exposure vulnerability in multiple products
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
network
low complexity
redmine debian CWE-200
7.5
2017-10-18 CVE-2017-15575 In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
network
low complexity
redmine debian
7.3
2017-10-18 CVE-2017-15572 Information Exposure Through Log Files vulnerability in multiple products
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
network
low complexity
redmine debian CWE-532
7.5