Total
8819 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7613 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||||
| CVE-2017-8112 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | |||||
| CVE-2016-9907 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | |||||
| CVE-2017-7889 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | |||||
| CVE-2017-2520 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | |||||
| CVE-2017-9142 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||||
| CVE-2017-6836 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-3309 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2017-5975 | 2 Debian, Zziplib Project | 2 Debian Linux, Zziplib | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | |||||
| CVE-2016-2090 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | |||||
| CVE-2016-2317 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | |||||
| CVE-2017-7697 | 2 Debian, Libsamplerate Project | 2 Debian Linux, Libsamplerate | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | |||||
| CVE-2017-5039 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2016-7170 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
| The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command. | |||||
| CVE-2017-5506 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | |||||
| CVE-2016-9427 | 3 Bdwgc Project, Debian, Opensuse | 4 Bdwgc, Debian Linux, Leap and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. | |||||
| CVE-2017-6499 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | |||||
| CVE-2016-9532 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | |||||
| CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||