Filtered by vendor Debian
Subscribe
Total
8236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000115 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | |||||
| CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2019-05-08 | 6.5 MEDIUM | 8.8 HIGH |
| Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | |||||
| CVE-2017-3157 | 3 Apache, Debian, Redhat | 8 Openoffice, Debian Linux, Enterprise Linux Desktop and 5 more | 2019-05-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. | |||||
| CVE-2018-12910 | 5 Canonical, Debian, Gnome and 2 more | 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more | 2019-05-08 | 7.5 HIGH | 9.8 CRITICAL |
| The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. | |||||
| CVE-2017-1000229 | 2 Debian, Optipng Project | 2 Debian Linux, Optipng | 2019-05-06 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | |||||
| CVE-2018-10242 | 2 Debian, Suricata-ids | 2 Debian Linux, Suricata | 2019-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check. | |||||
| CVE-2017-12874 | 2 Debian, Simplesamlphp | 2 Debian Linux, Infocard Module | 2019-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | |||||
| CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-05-06 | 6.9 MEDIUM | 7.8 HIGH |
| Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |||||
| CVE-2017-14975 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | |||||
| CVE-2017-14976 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | |||||
| CVE-2017-14977 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | |||||
| CVE-2017-11139 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | |||||
| CVE-2018-12495 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2019-05-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | |||||
| CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2019-05-02 | 6.8 MEDIUM | 8.8 HIGH |
| Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | |||||
| CVE-2018-5848 | 3 Debian, Google, Redhat | 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more | 2019-05-02 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-6064 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-05-02 | 6.8 MEDIUM | 8.8 HIGH |
| Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2019-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | |||||
| CVE-2017-1000421 | 2 Debian, Gifsicle Project | 2 Debian Linux, Gifsicle | 2019-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution | |||||
| CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-04-30 | 6.8 MEDIUM | 8.8 HIGH |
| freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | |||||
| CVE-2017-16804 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-04-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | |||||