Filtered by vendor Debian
Subscribe
Total
8958 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8979 | 2 Debian, Dicom | 2 Debian Linux, Dcmtk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. | |||||
CVE-2017-6060 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | |||||
CVE-2017-5667 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. | |||||
CVE-2017-3302 | 4 Debian, Mariadb, Oracle and 1 more | 8 Debian Linux, Mariadb, Mysql and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | |||||
CVE-2017-8283 | 1 Debian | 1 Dpkg | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | |||||
CVE-2016-10159 | 2 Debian, Php | 2 Debian Linux, Php | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. | |||||
CVE-2016-2375 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure. | |||||
CVE-2017-6310 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. | |||||
CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||||
CVE-2016-9105 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. | |||||
CVE-2017-3456 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | |||||
CVE-2016-7798 | 2 Debian, Ruby-lang | 2 Debian Linux, Openssl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | |||||
CVE-2017-7645 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | |||||
CVE-2017-9061 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | |||||
CVE-2017-8105 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||||
CVE-2017-5987 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. | |||||
CVE-2017-7957 | 2 Debian, Xstream Project | 2 Debian Linux, Xstream | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. | |||||
CVE-2016-9106 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. | |||||
CVE-2016-5315 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. |