Total
8120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9373 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 1.9 LOW | 5.5 MEDIUM |
| Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. | |||||
| CVE-2017-16669 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | |||||
| CVE-2017-5122 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | |||||
| CVE-2017-17857 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. | |||||
| CVE-2017-8810 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | |||||
| CVE-2017-11733 | 2 Debian, Libming | 2 Debian Linux, Ming | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-8815 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | |||||
| CVE-2017-14504 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | |||||
| CVE-2017-16854 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | |||||
| CVE-2017-17499 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||||
| CVE-2017-13687 | 2 Debian, Tcpdump | 2 Debian Linux, Tcpdump | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |||||
| CVE-2017-10110 | 4 Debian, Netapp, Oracle and 1 more | 26 Debian Linux, Active Iq Unified Manager, Cloud Backup and 23 more | 2024-02-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-1000116 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |||||
| CVE-2017-11521 | 2 Debian, Resiprocate | 2 Debian Linux, Resiprocate | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. | |||||
| CVE-2017-12935 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | |||||
| CVE-2017-17433 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
| The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2017-1000376 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Enterprise Virtualization Server and 1 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | |||||
| CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | |||||
| CVE-2015-2750 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | |||||
| CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||||