Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-24 CVE-2017-6302 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-190
7.8
7.8
2017-02-24 CVE-2017-6301 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-125
7.8
7.8
2017-02-24 CVE-2017-6300 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-119
7.8
7.8
2017-02-24 CVE-2017-6298 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in ytnef before 1.9.1.
local
low complexity
ytnef-project debian CWE-476
7.8
7.8
2017-02-22 CVE-2016-9956 Improper Access Control vulnerability in multiple products
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
network
low complexity
debian fedoraproject flightgear CWE-284
7.5
7.5
2017-02-18 CVE-2017-6074 Double Free vulnerability in multiple products
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
local
low complexity
linux debian CWE-415
7.8
7.8
2017-02-17 CVE-2017-6056 Infinite Loop vulnerability in multiple products
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop.
network
low complexity
canonical debian CWE-835
7.5
7.5
2017-02-17 CVE-2017-6014 Infinite Loop vulnerability in multiple products
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion.
network
low complexity
wireshark debian CWE-835
7.5
7.5
2017-02-15 CVE-2016-8677 The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
network
low complexity
imagemagick opensuse debian
8.8
8.8
2017-02-15 CVE-2016-9560 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
jasper-project debian redhat CWE-787
7.8
7.8