Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-24 CVE-2017-3309 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
network
low complexity
oracle debian mariadb redhat
7.7
2017-04-24 CVE-2017-3308 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).
network
low complexity
oracle debian mariadb redhat
7.7
2017-04-23 CVE-2017-8073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin.
network
low complexity
weechat debian CWE-119
7.5
2017-04-23 CVE-2017-8064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
local
low complexity
linux debian CWE-119
7.8
2017-04-21 CVE-2016-2347 Integer Overflow or Wraparound vulnerability in multiple products
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
local
low complexity
opensuse debian lhasa-project CWE-190
7.8
2017-04-18 CVE-2017-7645 Improper Input Validation vulnerability in multiple products
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
network
low complexity
linux debian canonical CWE-20
7.5
2017-04-17 CVE-2016-7551 Resource Management Errors vulnerability in multiple products
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
network
low complexity
digium debian CWE-399
7.5
2017-04-17 CVE-2017-7889 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
local
low complexity
linux debian canonical CWE-732
7.8
2017-04-14 CVE-2017-7868 Out-of-bounds Write vulnerability in multiple products
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
network
low complexity
icu-project debian CWE-787
7.5
2017-04-14 CVE-2017-7867 Out-of-bounds Write vulnerability in multiple products
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
network
low complexity
icu-project debian CWE-787
7.5