Vulnerabilities > Debian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | 8.8 |
| 2017-05-23 | CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 8.8 |
| 2017-05-23 | CVE-2016-5177 | Use After Free vulnerability in multiple products Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | 8.8 |
| 2017-05-22 | CVE-2017-6891 | Out-of-bounds Write vulnerability in multiple products Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. | 8.8 |
| 2017-05-19 | CVE-2017-9098 | Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. | 7.5 |
| 2017-05-19 | CVE-2017-9078 | Double Free vulnerability in multiple products The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | 8.8 |
| 2017-05-19 | CVE-2017-9076 | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 |
| 2017-05-19 | CVE-2017-9075 | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 7.8 |
| 2017-05-18 | CVE-2017-9066 | Server-Side Request Forgery (SSRF) vulnerability in multiple products In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | 8.6 |
| 2017-05-18 | CVE-2017-9065 | Improper Input Validation vulnerability in multiple products In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | 7.5 |