Vulnerabilities > Debian > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-08-23 | CVE-2017-13145 | Improper Input Validation vulnerability in multiple products | In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | network | low complexity | imagemagick debian canonical | CWE-20 | 6.5 |
| 2017-08-22 | CVE-2017-13065 | NULL Pointer Dereference vulnerability in multiple products | GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | network | low complexity | graphicsmagick debian | CWE-476 | 6.5 |
| 2017-08-22 | CVE-2017-13064 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | network | low complexity | graphicsmagick debian | CWE-119 | 6.5 |
| 2017-08-22 | CVE-2017-13063 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | network | low complexity | graphicsmagick debian | CWE-119 | 6.5 |
| 2017-08-10 | CVE-2016-6794 | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. | | network | low complexity | apache debian redhat netapp canonical oracle | | 5.3 |
| 2017-08-10 | CVE-2016-0762 | Information Exposure Through Discrepancy vulnerability in multiple products | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. | network | high complexity | apache canonical debian redhat netapp oracle | CWE-203 | 5.9 |
| 2017-08-08 | CVE-2017-3652 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). | | network | high complexity | oracle debian | | 4.2 |
| 2017-08-08 | CVE-2017-3651 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). | | network | low complexity | oracle mariadb debian redhat | | 4.3 |
| 2017-08-08 | CVE-2017-3648 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). | | network | high complexity | oracle debian | | 4.4 |
| 2017-08-08 | CVE-2017-3641 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). | | network | low complexity | oracle debian redhat mariadb | | 4.9 |