Total
8485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3616 | 4 Canonical, Debian, Libjpeg-turbo and 1 more | 4 Ubuntu Linux, Debian Linux, Libjpeg-turbo and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. | |||||
| CVE-2017-9788 | 6 Apache, Apple, Debian and 3 more | 16 Http Server, Mac Os X, Debian Linux and 13 more | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. | |||||
| CVE-2017-17476 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | |||||
| CVE-2017-6301 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." | |||||
| CVE-2017-17786 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | |||||
| CVE-2017-14169 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | |||||
| CVE-2017-5105 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||
| CVE-2017-7718 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. | |||||
| CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
| CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-17806 | 5 Debian, Linux, Opensuse and 2 more | 7 Debian Linux, Linux Kernel, Leap and 4 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | |||||
| CVE-2017-13756 | 2 Debian, Sleuthkit | 2 Debian Linux, The Sleuth Kit | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | |||||
| CVE-2017-12607 | 2 Apache, Debian | 2 Openoffice, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. | |||||
| CVE-2016-5315 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
| CVE-2016-9532 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | |||||
| CVE-2017-9735 | 3 Debian, Eclipse, Oracle | 7 Debian Linux, Jetty, Communications Cloud Native Core Policy and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | |||||
| CVE-2017-1000385 | 2 Debian, Erlang | 2 Debian Linux, Erlang\/otp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | |||||
| CVE-2017-6188 | 2 Debian, Munin-monitoring | 2 Debian Linux, Munin | 2025-04-20 | 1.9 LOW | 5.5 MEDIUM |
| Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | |||||
| CVE-2017-16642 | 4 Canonical, Debian, Netapp and 1 more | 5 Ubuntu Linux, Debian Linux, Clustered Data Ontap and 2 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | |||||