Total
9123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10160 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | |||||
| CVE-2017-6801 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | |||||
| CVE-2017-15572 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | |||||
| CVE-2016-2366 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | |||||
| CVE-2017-8028 | 2 Debian, Pivotal Software | 2 Debian Linux, Spring-ldap | 2025-04-20 | 5.1 MEDIUM | 8.1 HIGH |
| In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | |||||
| CVE-2017-7548 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2025-04-20 | 4.0 MEDIUM | 7.5 HIGH |
| PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | |||||
| CVE-2016-8692 | 3 Debian, Fedoraproject, Jasper Project | 3 Debian Linux, Fedora, Jasper | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command. | |||||
| CVE-2016-9830 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | |||||
| CVE-2017-7746 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. | |||||
| CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-17502 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-11407 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||||
| CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | |||||
| CVE-2017-10806 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | |||||
| CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | |||||
| CVE-2017-13004 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). | |||||
| CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | |||||
| CVE-2017-7700 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. | |||||
| CVE-2017-4967 | 3 Broadcom, Debian, Pivotal Software | 3 Rabbitmq Server, Debian Linux, Rabbitmq | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. | |||||
| CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||