Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8868 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6836 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2024-08-05 | 5.5 Medium |
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2024-08-05 | 8.8 High |
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | ||||
CVE-2017-6814 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. | ||||
CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | ||||
CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | ||||
CVE-2017-6832 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2024-08-05 | 5.5 Medium |
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
CVE-2017-6831 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2024-08-05 | 5.5 Medium |
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
CVE-2017-6802 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-08-05 | N/A |
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | ||||
CVE-2017-6816 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-05 | N/A |
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | ||||
CVE-2017-6834 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2024-08-05 | 5.5 Medium |
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||||
CVE-2017-6801 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-08-05 | N/A |
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | ||||
CVE-2017-6800 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-08-05 | N/A |
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. | ||||
CVE-2017-6470 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | ||||
CVE-2017-6469 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | ||||
CVE-2017-6500 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | N/A |
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | ||||
CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | ||||
CVE-2017-6467 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | ||||
CVE-2017-6499 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-08-05 | N/A |
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | ||||
CVE-2017-6474 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-08-05 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | ||||
CVE-2017-6512 | 3 Canonical, Debian, File\ | 3 Ubuntu Linux, Debian Linux, \ | 2024-08-05 | 5.9 Medium |
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. |