Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14733 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
CVE-2017-15191 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | |||||
CVE-2017-15955 | 2 Bchunk Project, Debian | 2 Bchunk, Debian Linux | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | |||||
CVE-2017-16352 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. | |||||
CVE-2017-15930 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | |||||
CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | |||||
CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | |||||
CVE-2017-16651 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. | |||||
CVE-2017-9611 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2015-5177 | 2 Debian, Openslp | 2 Debian Linux, Openslp | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | |||||
CVE-2017-9727 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-12597 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. | |||||
CVE-2017-12809 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. | |||||
CVE-2017-12605 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread. | |||||
CVE-2017-0376 | 2 Debian, Torproject | 2 Debian Linux, Tor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | |||||
CVE-2017-9461 | 3 Debian, Redhat, Samba | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | |||||
CVE-2017-9780 | 2 Debian, Flatpak | 2 Debian Linux, Flatpak | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root. | |||||
CVE-2017-17093 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | |||||
CVE-2016-6796 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | |||||
CVE-2017-10114 | 3 Debian, Netapp, Oracle | 19 Debian Linux, Active Iq Unified Manager, Cloud Backup and 16 more | 2024-02-04 | 5.1 MEDIUM | 8.3 HIGH |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |