Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-1000363 Out-of-bounds Write vulnerability in multiple products
Linux drivers/char/lp.c Out-of-Bounds Write.
local
low complexity
linux debian CWE-787
7.8
2017-07-13 CVE-2017-11103 Insufficient Verification of Data Authenticity vulnerability in multiple products
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
network
high complexity
heimdal-project freebsd samba apple debian CWE-345
8.1
2017-07-13 CVE-2017-11173 Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests.
network
low complexity
rack-cors-project debian
8.8
2017-07-11 CVE-2017-11176 Use After Free vulnerability in multiple products
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic.
local
low complexity
linux debian CWE-416
7.8
2017-07-06 CVE-2017-9524 Improper Input Validation vulnerability in multiple products
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function.
network
low complexity
qemu debian CWE-20
7.5
2017-07-05 CVE-2017-2295 Deserialization of Untrusted Data vulnerability in multiple products
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format.
network
high complexity
puppet debian CWE-502
8.2
2017-07-04 CVE-2017-10810 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.
network
low complexity
linux debian CWE-772
7.5
2017-06-28 CVE-2017-9994 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.
local
low complexity
ffmpeg debian CWE-119
7.8
2017-06-28 CVE-2017-9993 Information Exposure vulnerability in multiple products
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.
network
low complexity
ffmpeg debian CWE-200
7.5
2017-06-28 CVE-2017-9992 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
network
low complexity
ffmpeg debian CWE-119
8.8