Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18264 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2024-08-05 | N/A |
| An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. | ||||
| CVE-2017-18249 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | N/A |
| The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | ||||
| CVE-2017-18241 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | N/A |
| fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | ||||
| CVE-2017-18230 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-08-05 | N/A |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | ||||
| CVE-2017-18238 | 3 Debian, Exempi Project, Redhat | 3 Debian Linux, Exempi, Enterprise Linux | 2024-08-05 | N/A |
| An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file. | ||||
| CVE-2017-18231 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-18236 | 4 Canonical, Debian, Exempi Project and 1 more | 4 Ubuntu Linux, Debian Linux, Exempi and 1 more | 2024-08-05 | N/A |
| An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. | ||||
| CVE-2017-18190 | 4 Apple, Canonical, Debian and 1 more | 4 Cups, Ubuntu Linux, Debian Linux and 1 more | 2024-08-05 | N/A |
| A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). | ||||
| CVE-2017-18187 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-08-05 | N/A |
| In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | ||||
| CVE-2017-18234 | 4 Canonical, Debian, Exempi Project and 1 more | 4 Ubuntu Linux, Debian Linux, Exempi and 1 more | 2024-08-05 | N/A |
| An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp. | ||||
| CVE-2017-18189 | 3 Debian, Redhat, Sound Exchange Project | 3 Debian Linux, Enterprise Linux, Sound Exchange | 2024-08-05 | N/A |
| In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service. | ||||
| CVE-2017-18219 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. | ||||
| CVE-2017-18121 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-08-05 | N/A |
| The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | ||||
| CVE-2017-18123 | 2 Debian, Dokuwiki | 2 Debian Linux, Dokuwiki | 2024-08-05 | N/A |
| The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | ||||
| CVE-2017-18122 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-08-05 | N/A |
| A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP. | ||||
| CVE-2017-18078 | 3 Debian, Opensuse, Systemd Project | 3 Debian Linux, Leap, Systemd | 2024-08-05 | 7.8 High |
| systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. | ||||
| CVE-2017-18076 | 2 Debian, Omniauth | 2 Debian Linux, Omniauth | 2024-08-05 | 7.5 High |
| In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | ||||
| CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 33 Eos, Ubuntu Linux, Debian Linux and 30 more | 2024-08-05 | 9.8 Critical |
| The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | ||||
| CVE-2017-18026 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-08-05 | N/A |
| Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536. | ||||