Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-9141 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | 6.5 Medium |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | ||||
CVE-2017-9064 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | ||||
CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | ||||
CVE-2017-9063 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | ||||
CVE-2017-9076 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-05 | 7.8 High |
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | ||||
CVE-2017-9075 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-05 | 7.8 High |
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | ||||
CVE-2017-9061 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | ||||
CVE-2017-9078 | 3 Debian, Dropbear Ssh Project, Netapp | 4 Debian Linux, Dropbear Ssh, H410c and 1 more | 2024-08-05 | 8.8 High |
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | ||||
CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | ||||
CVE-2017-9022 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-08-05 | N/A |
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | ||||
CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-08-05 | N/A |
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | ||||
CVE-2017-8925 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | N/A |
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | ||||
CVE-2017-8924 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | N/A |
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. | ||||
CVE-2017-8849 | 2 Debian, Smb4k Project | 2 Debian Linux, Smb4k | 2024-08-05 | N/A |
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. | ||||
CVE-2017-8846 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-08-05 | 5.5 Medium |
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | ||||
CVE-2017-8844 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-08-05 | 7.8 High |
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | ||||
CVE-2017-8820 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2024-08-05 | N/A |
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | ||||
CVE-2017-8890 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-05 | 7.8 High |
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | ||||
CVE-2017-8812 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-05 | N/A |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | ||||
CVE-2017-8811 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-05 | N/A |
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. |