Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5462 | 2 Debian, Mozilla | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2017-6014 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | |||||
CVE-2017-6056 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | |||||
CVE-2017-6299 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||||
CVE-2017-6467 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | |||||
CVE-2017-6470 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | |||||
CVE-2017-6472 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | |||||
CVE-2017-6474 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | |||||
CVE-2017-6499 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | |||||
CVE-2017-6816 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-10-02 | 5.5 MEDIUM | 4.9 MEDIUM |
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | |||||
CVE-2017-6928 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-10-02 | 3.5 LOW | 5.3 MEDIUM |
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | |||||
CVE-2017-6964 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. | |||||
CVE-2017-7611 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-7608 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-7610 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-7612 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | |||||
CVE-2017-7650 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. | |||||
CVE-2017-7654 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. | |||||
CVE-2017-7700 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 7.1 HIGH | 6.5 MEDIUM |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. | |||||
CVE-2017-7746 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. |