Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2017-13748 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | 7.5 |
| 2017-08-24 | CVE-2017-11424 | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. | 7.5 |
| 2017-08-24 | CVE-2017-12836 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | 7.5 |
| 2017-08-24 | CVE-2017-12137 | Classic Buffer Overflow vulnerability in multiple products arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | 8.8 |
| 2017-08-24 | CVE-2017-12136 | Race Condition vulnerability in multiple products Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | 7.8 |
| 2017-08-24 | CVE-2017-12135 | Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 8.8 |
| 2017-08-23 | CVE-2017-12904 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in multiple products Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. | 8.8 |
| 2017-08-23 | CVE-2017-11610 | Incorrect Default Permissions vulnerability in multiple products The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | 8.8 |
| 2017-08-22 | CVE-2017-5208 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | 8.8 |
| 2017-08-19 | CVE-2017-10661 | Use After Free vulnerability in multiple products Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 7.0 |