Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15923 | 2 Debian, Konversation | 2 Debian Linux, Konversation | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | |||||
CVE-2015-5195 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | |||||
CVE-2017-5121 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | |||||
CVE-2017-17915 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | |||||
CVE-2017-9330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 1.9 LOW | 5.6 MEDIUM |
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | |||||
CVE-2017-10074 | 4 Debian, Netapp, Oracle and 1 more | 25 Debian Linux, Active Iq Unified Manager, Cloud Backup and 22 more | 2024-02-04 | 5.1 MEDIUM | 8.3 HIGH |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
CVE-2017-9788 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Debian Linux and 13 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |||||
CVE-2017-17476 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | |||||
CVE-2017-17786 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | |||||
CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | |||||
CVE-2018-5294 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | |||||
CVE-2017-5105 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||
CVE-2017-1000445 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service | |||||
CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2017-17806 | 5 Debian, Linux, Opensuse and 2 more | 7 Debian Linux, Linux Kernel, Leap and 4 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | |||||
CVE-2017-13756 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | |||||
CVE-2017-12607 | 2 Apache, Debian | 2 Openoffice, Debian Linux | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | |||||
CVE-2017-9735 | 3 Debian, Eclipse, Oracle | 7 Debian Linux, Jetty, Communications Cloud Native Core Policy and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | |||||
CVE-2017-1000385 | 2 Debian, Erlang | 2 Debian Linux, Erlang\/otp | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). |