Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||||
CVE-2016-2377 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. | |||||
CVE-2017-3329 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
CVE-2017-5612 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt. | |||||
CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2024-02-04 | 4.3 MEDIUM | 4.7 MEDIUM |
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
CVE-2016-10196 | 3 Debian, Libevent Project, Mozilla | 5 Debian Linux, Libevent, Firefox and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | |||||
CVE-2017-6303 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | |||||
CVE-2017-3464 | 3 Debian, Oracle, Redhat | 8 Debian Linux, Mysql, Enterprise Linux Desktop and 5 more | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
CVE-2015-8619 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | |||||
CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | |||||
CVE-2013-1430 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key. | |||||
CVE-2017-7867 | 2 Debian, Icu-project | 2 Debian Linux, International Components For Unicode | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. | |||||
CVE-2017-6302 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | |||||
CVE-2017-6802 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | |||||
CVE-2017-5033 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. | |||||
CVE-2016-9105 | 3 Debian, Opensuse, Qemu | 3 Debian Linux, Leap, Qemu | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object. | |||||
CVE-2016-10155 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 4.9 MEDIUM | 6.0 MEDIUM |
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |||||
CVE-2017-6472 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | |||||
CVE-2017-5856 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 4.9 MEDIUM | 6.5 MEDIUM |
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. | |||||
CVE-2017-7697 | 2 Debian, Libsamplerate Project | 2 Debian Linux, Libsamplerate | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. |