Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-01 | CVE-2017-13711 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 7.5 |
| 2017-09-01 | CVE-2017-12869 | Improper Input Validation vulnerability in multiple products The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 7.5 |
| 2017-08-31 | CVE-2017-0902 | Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 8.1 |
| 2017-08-31 | CVE-2017-0901 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 7.5 |
| 2017-08-31 | CVE-2017-0900 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | 7.5 |
| 2017-08-30 | CVE-2017-14041 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-08-30 | CVE-2017-14040 | Out-of-bounds Write vulnerability in multiple products An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. | 8.8 |
| 2017-08-30 | CVE-2017-14039 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-08-30 | CVE-2017-13765 | Out-of-bounds Read vulnerability in multiple products In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. | 7.5 |
| 2017-08-29 | CVE-2017-0379 | Information Exposure vulnerability in multiple products Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | 7.5 |