Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
2017-08-22 CVE-2017-5208 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
network
low complexity
icoutils-project debian redhat CWE-190
8.8
2017-08-19 CVE-2017-10661 Use After Free vulnerability in multiple products
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
local
high complexity
linux redhat debian CWE-416
7.0
2017-08-18 CVE-2017-12937 Out-of-bounds Read vulnerability in multiple products
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-08-18 CVE-2017-12936 Use After Free vulnerability in multiple products
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
network
low complexity
graphicsmagick debian CWE-416
8.8
2017-08-18 CVE-2017-12935 Out-of-bounds Read vulnerability in multiple products
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
network
low complexity
graphicsmagick debian CWE-125
8.8
2017-08-16 CVE-2017-7548 PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
network
low complexity
postgresql debian
7.5
2017-08-15 CVE-2017-12864 Integer Overflow or Wraparound vulnerability in multiple products
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow.
network
low complexity
opencv debian CWE-190
8.8
2017-08-15 CVE-2017-12863 Integer Overflow or Wraparound vulnerability in multiple products
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch.
network
low complexity
opencv debian CWE-190
8.8
2017-08-15 CVE-2017-12862 Out-of-bounds Write vulnerability in multiple products
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later.
network
low complexity
opencv debian CWE-787
8.8