Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9098 | 3 Debian, Graphicsmagick, Imagemagick | 3 Debian Linux, Graphicsmagick, Imagemagick | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | |||||
CVE-2015-7974 | 4 Debian, Netapp, Ntp and 1 more | 8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more | 2021-04-26 | 4.0 MEDIUM | 7.7 HIGH |
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
CVE-2016-8862 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||||
CVE-2018-14682 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | |||||
CVE-2018-14680 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2021-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | |||||
CVE-2018-14681 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | |||||
CVE-2018-14679 | 5 Cabextract, Cabextract Project, Canonical and 2 more | 8 Libmspack, Cabextract, Ubuntu Linux and 5 more | 2021-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | |||||
CVE-2021-29450 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2021-04-23 | 4.0 MEDIUM | 4.3 MEDIUM |
Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix. | |||||
CVE-2017-16921 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2021-04-22 | 9.0 HIGH | 8.8 HIGH |
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | |||||
CVE-2011-4361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-04-21 | 5.0 MEDIUM | N/A |
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | |||||
CVE-2011-4360 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2021-04-21 | 5.0 MEDIUM | N/A |
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. | |||||
CVE-2016-8677 | 3 Debian, Imagemagick, Opensuse | 3 Debian Linux, Imagemagick, Opensuse | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | |||||
CVE-2019-17540 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | |||||
CVE-2017-11450 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | |||||
CVE-2018-7602 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2021-04-20 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. | |||||
CVE-2014-9016 | 3 Debian, Drupal, Secure Password Hashes Project | 3 Debian Linux, Drupal, Secure Passwords Hashes | 2021-04-20 | 5.0 MEDIUM | N/A |
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | |||||
CVE-2014-2983 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2021-04-20 | 5.0 MEDIUM | N/A |
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. | |||||
CVE-2021-28834 | 3 Debian, Fedoraproject, Kramdown Project | 3 Debian Linux, Fedora, Kramdown | 2021-04-19 | 6.8 MEDIUM | 9.8 CRITICAL |
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | |||||
CVE-2021-26929 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2021-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. | |||||
CVE-2015-7855 | 4 Debian, Netapp, Ntp and 1 more | 11 Debian Linux, Clustered Data Ontap, Data Ontap and 8 more | 2021-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. |