Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-18 CVE-2017-9064 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
network
low complexity
wordpress debian CWE-352
8.8
2017-05-18 CVE-2017-9062 Open Redirect vulnerability in multiple products
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
network
low complexity
wordpress debian CWE-601
8.6
2017-05-17 CVE-2017-7493 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue.
local
low complexity
qemu debian CWE-732
7.8
2017-05-17 CVE-2017-8849 Improper Input Validation vulnerability in multiple products
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
local
low complexity
smb4k-project debian CWE-20
7.8
2017-05-14 CVE-2017-7487 Use After Free vulnerability in multiple products
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
local
low complexity
linux debian CWE-416
7.8
2017-05-10 CVE-2017-8890 Double Free vulnerability in multiple products
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
local
low complexity
linux debian CWE-415
7.8
2017-05-08 CVE-2017-8844 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
local
low complexity
long-range-zip-project debian CWE-119
7.8
2017-05-08 CVE-2017-8829 Deserialization of Untrusted Data vulnerability in Debian Lintian
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
local
low complexity
debian CWE-502
7.8
2017-05-02 CVE-2017-7483 Out-of-bounds Read vulnerability in multiple products
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.
network
low complexity
rxvt-project debian CWE-125
7.5
2017-04-30 CVE-2017-8361 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
network
low complexity
libsndfile-project debian CWE-119
8.8