Filtered by vendor Debian
Subscribe
Total
9474 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0379 | 2 Debian, Gnupg | 2 Debian Linux, Libgcrypt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||||
| CVE-2017-5100 | 4 Debian, Google, Microsoft and 1 more | 6 Debian Linux, Chrome, Windows and 3 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-15954 | 2 Bchunk Project, Debian | 2 Bchunk, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | |||||
| CVE-2017-5356 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]). | |||||
| CVE-2017-3291 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2025-04-20 | 3.5 LOW | 6.3 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2017-12864 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. | |||||
| CVE-2017-8312 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | |||||
| CVE-2017-17788 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | |||||
| CVE-2017-2896 | 2 Debian, Libxls Project | 2 Debian Linux, Libxls | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-14121 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. | |||||
| CVE-2017-3157 | 3 Apache, Debian, Redhat | 8 Openoffice, Debian Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. | |||||
| CVE-2017-14632 | 3 Canonical, Debian, Xiph.org | 3 Ubuntu Linux, Debian Linux, Libvorbis | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | |||||
| CVE-2017-8353 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 6.0 MEDIUM |
| The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | |||||
| CVE-2017-9349 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | |||||
| CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2017-11683 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2016-2370 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability. | |||||
| CVE-2017-10086 | 3 Debian, Netapp, Oracle | 19 Debian Linux, Active Iq Unified Manager, Cloud Backup and 16 more | 2025-04-20 | 6.8 MEDIUM | 9.6 CRITICAL |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2016-7447 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | |||||