Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 8.8
2017-05-23 CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. 8.8
2017-05-23 CVE-2016-5177 Use After Free vulnerability in multiple products
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
8.8
2017-05-22 CVE-2017-6891 Out-of-bounds Write vulnerability in multiple products
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g.
network
low complexity
gnu debian apache CWE-787
8.8
2017-05-19 CVE-2017-9098 Use of Uninitialized Resource vulnerability in multiple products
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users.
network
low complexity
imagemagick graphicsmagick debian CWE-908
7.5
2017-05-19 CVE-2017-9078 Double Free vulnerability in multiple products
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
network
low complexity
dropbear-ssh-project debian netapp CWE-415
8.8
2017-05-19 CVE-2017-9076 The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
local
low complexity
linux debian
7.8
2017-05-19 CVE-2017-9075 The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
local
low complexity
linux debian
7.8
2017-05-18 CVE-2017-9066 Server-Side Request Forgery (SSRF) vulnerability in multiple products
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
network
low complexity
wordpress debian CWE-918
8.6
2017-05-18 CVE-2017-9065 Improper Input Validation vulnerability in multiple products
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
network
low complexity
wordpress debian CWE-20
7.5