Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-11 CVE-2017-9527 Use After Free vulnerability in multiple products
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
local
low complexity
mruby debian CWE-416
7.8
2017-06-09 CVE-2017-0376 Reachable Assertion vulnerability in multiple products
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
network
low complexity
torproject debian CWE-617
7.5
2017-06-08 CVE-2017-9022 Improper Input Validation vulnerability in multiple products
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-20
7.5
2017-06-07 CVE-2017-9469 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory.
network
low complexity
irssi debian CWE-119
7.5
2017-06-07 CVE-2017-9468 NULL Pointer Dereference vulnerability in multiple products
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer.
network
low complexity
irssi debian CWE-476
7.5
2017-06-06 CVE-2017-9462 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
network
low complexity
mercurial debian redhat CWE-732
8.8
2017-06-02 CVE-2017-9349 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop.
network
low complexity
wireshark debian CWE-835
7.5
2017-06-02 CVE-2017-9344 Divide By Zero vulnerability in multiple products
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero.
network
low complexity
wireshark debian CWE-369
7.5
2017-06-01 CVE-2017-8386 git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
network
low complexity
git opensuse debian canonical fedoraproject
8.8
2017-05-23 CVE-2017-8309 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
network
low complexity
qemu debian redhat CWE-772
7.5