Vulnerabilities > Debian > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-05-08 | CVE-2017-8829 | Deserialization of Untrusted Data vulnerability in Debian Lintian | local, low complexity, debian, CWE-502, 7.8
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.

2017-05-02 | CVE-2017-7483 | Out-of-bounds Read vulnerability in multiple products | network, low complexity, rxvt-project debian, CWE-125, 7.5
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.

2017-04-30 | CVE-2017-8361 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | network, low complexity, libsndfile-project debian, CWE-119, 8.8
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

2017-04-29 | CVE-2017-7957 | Improper Input Validation vulnerability in multiple products | network, low complexity, xstream-project debian, CWE-20, 7.5
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.

2017-04-27 | CVE-2017-8291 | Type Confusion vulnerability in multiple products | local, low complexity, artifex debian redhat, CWE-843, 7.8
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

2017-04-24 | CVE-2017-5043 | Use After Free vulnerability in multiple products | network, low complexity, google redhat debian, CWE-416, 8.8
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

2017-04-24 | CVE-2017-5039 | Use After Free vulnerability in multiple products | local, low complexity, google debian redhat, CWE-416, 7.8
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

2017-04-24 | CVE-2017-5037 | Integer Overflow or Wraparound vulnerability in multiple products | local, low complexity, google debian redhat, CWE-190, 7.8
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

2017-04-24 | CVE-2017-5036 | Use After Free vulnerability in multiple products | local, low complexity, google debian redhat, CWE-416, 7.8
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

2017-04-24 | CVE-2017-5035 | Race Condition vulnerability in multiple products | network, high complexity, google debian redhat, CWE-362, 8.1
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.