Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18236 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. | |||||
| CVE-2017-18264 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions (e.g., version 5). This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default). This occurs because some implementations of the PHP substr function return false when given '' as the first argument. | |||||
| CVE-2017-18265 | 2 Debian, Prosody | 2 Debian Linux, Prosody | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module. | |||||
| CVE-2017-3463 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-5390 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||||
| CVE-2017-5386 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
| WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | |||||
| CVE-2017-5405 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2017-5462 | 2 Debian, Mozilla | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-6014 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | |||||
| CVE-2017-6056 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | |||||
| CVE-2017-6299 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||||
| CVE-2017-6467 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | |||||
| CVE-2017-6470 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | |||||
| CVE-2017-6472 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | |||||
| CVE-2017-6474 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | |||||
| CVE-2017-6499 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | |||||
| CVE-2017-6816 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-10-02 | 5.5 MEDIUM | 4.9 MEDIUM |
| In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | |||||
| CVE-2017-6928 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
| Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | |||||
| CVE-2017-6964 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. | |||||
| CVE-2017-7611 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||