Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-20 | CVE-2017-7668 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | Http_server, Mac_os_x, Debian_linux, Clustered_data_ontap, Oncommand_unified_manager, Storagegrid, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2017-06-21 | CVE-2017-9766 | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | Debian_linux, Wireshark | 7.5 | ||
| 2017-07-06 | CVE-2016-4000 | Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. | Debian_linux, Jython | 9.8 | ||
| 2017-07-13 | CVE-2017-9788 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | Http_server, Mac_os_x, Debian_linux, Oncommand_unified_manager, Storage_automation_store, Secure_global_desktop, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_core_services, Jboss_enterprise_application_platform, Jboss_enterprise_web_server | 9.1 | ||
| 2017-07-18 | CVE-2017-11406 | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | Debian_linux, Wireshark | 7.5 | ||
| 2017-07-18 | CVE-2017-11407 | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | Debian_linux, Wireshark | 7.5 | ||
| 2017-07-18 | CVE-2017-11409 | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | Debian_linux, Wireshark | 7.5 | ||
| 2017-07-25 | CVE-2017-9233 | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | Debian_linux, Libexpat, Python | 7.5 | ||
| 2017-07-26 | CVE-2017-9611 | The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | Ghostscript, Debian_linux | 7.8 | ||
| 2017-07-26 | CVE-2017-9612 | The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | Ghostscript_ghostxps, Debian_linux | 7.8 |