Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8956 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5938 4 Debian, Opensuse, Opensuse Project and 1 more 4 Debian Linux, Leap, Leap and 1 more 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
CVE-2017-6011 3 Debian, Icoutils Project, Redhat 8 Debian Linux, Icoutils, Enterprise Linux Desktop and 5 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
CVE-2016-10195 2 Debian, Libevent Project 2 Debian Linux, Libevent 2023-12-10 7.5 HIGH 9.8 CRITICAL
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVE-2017-9065 2 Debian, Wordpress 2 Debian Linux, Wordpress 2023-12-10 5.0 MEDIUM 7.5 HIGH
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
CVE-2017-6304 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
CVE-2016-2518 7 Debian, Freebsd, Netapp and 4 more 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
CVE-2017-6014 2 Debian, Wireshark 2 Debian Linux, Wireshark 2023-12-10 7.8 HIGH 7.5 HIGH
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory.
CVE-2015-8504 2 Debian, Qemu 2 Debian Linux, Qemu 2023-12-10 3.5 LOW 6.5 MEDIUM
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVE-2017-5356 2 Debian, Irssi 2 Debian Linux, Irssi 2023-12-10 5.0 MEDIUM 7.5 HIGH
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
CVE-2016-9559 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2016-9830 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
CVE-2017-8844 2 Debian, Long Range Zip Project 2 Debian Linux, Long Range Zip 2023-12-10 6.8 MEDIUM 7.8 HIGH
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
CVE-2016-7440 4 Debian, Mariadb, Oracle and 1 more 4 Debian Linux, Mariadb, Mysql and 1 more 2023-12-10 2.1 LOW 5.5 MEDIUM
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
CVE-2016-2378 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2023-12-10 6.8 MEDIUM 8.1 HIGH
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
CVE-2017-8355 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-3533 3 Debian, Oracle, Redhat 12 Debian Linux, Jdk, Jre and 9 more 2023-12-10 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2016-10246 2 Artifex, Debian 2 Mupdf, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2017-6298 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
CVE-2016-9963 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2023-12-10 2.6 LOW 5.9 MEDIUM
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2016-9955 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2023-12-10 4.0 MEDIUM 6.3 MEDIUM
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.