Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-21 CVE-2017-14246 Out-of-bounds Read vulnerability in multiple products
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
network
low complexity
libsndfile-project debian CWE-125
8.1
2017-09-21 CVE-2017-14245 Out-of-bounds Read vulnerability in multiple products
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
network
low complexity
libsndfile-project debian CWE-125
8.1
2017-09-20 CVE-2015-5395 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
network
low complexity
debian alinto CWE-352
8.8
2017-09-20 CVE-2017-14607 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c.
network
low complexity
imagemagick debian canonical CWE-125
8.1
2017-09-19 CVE-2015-1854 Improper Access Control vulnerability in multiple products
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
network
low complexity
fedoraproject debian CWE-284
7.5
2017-09-18 CVE-2017-9798 Use After Free vulnerability in multiple products
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed.
network
low complexity
apache debian CWE-416
7.5
2017-09-15 CVE-2017-14497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux debian CWE-119
7.8
2017-09-14 CVE-2017-14482 GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el.
network
low complexity
gnu debian
8.8
2017-09-13 CVE-2017-2816 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11.
network
low complexity
libofx-project debian CWE-119
8.8
2017-09-12 CVE-2017-1000251 Out-of-bounds Write vulnerability in multiple products
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
low complexity
linux debian nvidia redhat CWE-787
8.0