Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-26 CVE-2017-9935 Out-of-bounds Read vulnerability in multiple products
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c.
network
low complexity
libtiff canonical debian CWE-125
8.8
2017-06-22 CVE-2017-9776 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
local
low complexity
freedesktop debian redhat CWE-190
7.8
2017-06-21 CVE-2017-9780 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable.
local
low complexity
flatpak debian CWE-732
7.8
2017-06-21 CVE-2017-9766 Uncontrolled Recursion vulnerability in multiple products
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
network
low complexity
wireshark debian CWE-674
7.5
2017-06-20 CVE-2017-7668 Out-of-bounds Read vulnerability in multiple products
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string.
network
low complexity
apache netapp redhat debian oracle apple CWE-125
7.5
2017-06-19 CVE-2017-1000376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack.
local
high complexity
redhat debian libffi-project oracle CWE-119
7.0
2017-06-19 CVE-2017-1000366 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.
7.8
2017-06-16 CVE-2017-9735 Information Exposure Through Discrepancy vulnerability in multiple products
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
network
low complexity
eclipse debian oracle CWE-203
7.5
2017-06-13 CVE-2017-4966 Information Exposure vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
local
low complexity
pivotal-software vmware debian CWE-200
7.8
2017-06-12 CVE-2017-9324 Improper Privilege Management vulnerability in multiple products
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access.
network
low complexity
otrs debian CWE-269
8.8