Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-17 CVE-2017-15565 NULL Pointer Dereference vulnerability in multiple products
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
network
low complexity
freedesktop debian CWE-476
8.8
2017-10-17 CVE-2017-13082 Use of Insufficiently Random Values vulnerability in multiple products
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
8.1
2017-10-16 CVE-2015-7504 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
local
low complexity
qemu xen debian CWE-787
8.8
2017-10-11 CVE-2017-2888 Integer Overflow or Wraparound vulnerability in multiple products
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5.
network
low complexity
libsdl canonical debian CWE-190
8.8
2017-10-11 CVE-2017-2887 Out-of-bounds Write vulnerability in multiple products
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1.
network
low complexity
libsdl debian CWE-787
8.8
2017-10-11 CVE-2017-15238 Use After Free vulnerability in multiple products
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
network
low complexity
graphicsmagick debian CWE-416
8.8
2017-10-10 CVE-2017-15191 Use of Externally-Controlled Format String vulnerability in multiple products
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash.
network
low complexity
wireshark debian CWE-134
7.5
2017-10-10 CVE-2017-5637 Missing Authentication for Critical Function vulnerability in multiple products
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests.
network
low complexity
apache debian CWE-306
7.5
2017-10-10 CVE-2017-13723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
local
low complexity
x-org debian CWE-119
7.8
2017-10-05 CVE-2017-1000115 Link Following vulnerability in multiple products
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
network
low complexity
mercurial debian redhat CWE-59
7.5