Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-01 CVE-2017-13711 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
network
low complexity
qemu debian CWE-416
7.5
2017-09-01 CVE-2017-12869 Improper Input Validation vulnerability in multiple products
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
network
low complexity
simplesamlphp debian CWE-20
7.5
2017-08-31 CVE-2017-0902 Origin Validation Error vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
network
high complexity
rubygems debian canonical redhat CWE-346
8.1
2017-08-31 CVE-2017-0901 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
network
low complexity
rubygems debian canonical redhat CWE-20
7.5
2017-08-31 CVE-2017-0900 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
network
low complexity
rubygems debian redhat CWE-20
7.5
2017-08-30 CVE-2017-14041 Out-of-bounds Write vulnerability in multiple products
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain debian CWE-787
8.8
2017-08-30 CVE-2017-14040 Out-of-bounds Write vulnerability in multiple products
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function.
network
low complexity
uclouvain debian CWE-787
8.8
2017-08-30 CVE-2017-14039 Out-of-bounds Write vulnerability in multiple products
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0.
network
low complexity
uclouvain debian CWE-787
8.8
2017-08-30 CVE-2017-13765 Out-of-bounds Read vulnerability in multiple products
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash.
network
low complexity
wireshark debian CWE-125
7.5
2017-08-29 CVE-2017-0379 Information Exposure vulnerability in multiple products
Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
network
low complexity
gnupg debian CWE-200
7.5