Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-8345 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | N/A |
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2017-8291 | 3 Artifex, Debian, Redhat | 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more | 2024-08-05 | 7.8 High |
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | ||||
CVE-2017-8112 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-05 | 6.5 Medium |
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | ||||
CVE-2017-8105 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-08-05 | N/A |
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | ||||
CVE-2017-8086 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-05 | 6.5 Medium |
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. | ||||
CVE-2017-8073 | 2 Debian, Weechat | 2 Debian Linux, Weechat | 2024-08-05 | N/A |
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. | ||||
CVE-2017-8064 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-05 | 7.8 High |
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | ||||
CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-08-05 | N/A |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | ||||
CVE-2017-7863 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | N/A |
FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | ||||
CVE-2017-8028 | 3 Debian, Pivotal Software, Redhat | 4 Debian Linux, Spring-ldap, Jboss Amq and 1 more | 2024-08-05 | N/A |
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | ||||
CVE-2017-7957 | 3 Debian, Redhat, Xstream Project | 6 Debian Linux, Jboss Amq, Jboss Bpms and 3 more | 2024-08-05 | N/A |
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. | ||||
CVE-2017-7943 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | N/A |
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
CVE-2017-7867 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2024-08-05 | N/A |
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | ||||
CVE-2017-7941 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | N/A |
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-08-05 | N/A |
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | ||||
CVE-2017-7895 | 3 Debian, Linux, Redhat | 10 Debian Linux, Linux Kernel, Enterprise Linux and 7 more | 2024-08-05 | 9.8 Critical |
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | ||||
CVE-2017-7865 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-08-05 | N/A |
FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | ||||
CVE-2017-7868 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2024-08-05 | N/A |
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. | ||||
CVE-2017-7889 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-08-05 | 7.8 High |
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | ||||
CVE-2017-7843 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2024-08-05 | N/A |
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. |