Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000115 3 Debian, Mercurial, Redhat 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more 2019-05-10 5.0 MEDIUM 7.5 HIGH
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
CVE-2017-16664 2 Debian, Otrs 2 Debian Linux, Otrs 2019-05-08 6.5 MEDIUM 8.8 HIGH
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
CVE-2017-3157 3 Apache, Debian, Redhat 8 Openoffice, Debian Linux, Enterprise Linux Desktop and 5 more 2019-05-08 4.3 MEDIUM 5.5 MEDIUM
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.
CVE-2018-12910 5 Canonical, Debian, Gnome and 2 more 9 Ubuntu Linux, Debian Linux, Libsoup and 6 more 2019-05-08 7.5 HIGH 9.8 CRITICAL
The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.
CVE-2017-1000229 2 Debian, Optipng Project 2 Debian Linux, Optipng 2019-05-06 6.8 MEDIUM 7.8 HIGH
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
CVE-2018-10242 2 Debian, Suricata-ids 2 Debian Linux, Suricata 2019-05-06 5.0 MEDIUM 7.5 HIGH
Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check.
CVE-2017-12874 2 Debian, Simplesamlphp 2 Debian Linux, Infocard Module 2019-05-06 5.0 MEDIUM 7.5 HIGH
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
CVE-2017-12136 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2019-05-06 6.9 MEDIUM 7.8 HIGH
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
CVE-2017-14975 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
CVE-2017-14976 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
CVE-2017-14977 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-05-03 5.0 MEDIUM 7.5 HIGH
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
CVE-2017-11139 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-05-03 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVE-2018-12495 2 Debian, Discount Project 2 Debian Linux, Discount 2019-05-02 4.3 MEDIUM 5.5 MEDIUM
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVE-2017-1000422 3 Canonical, Debian, Gnome 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf 2019-05-02 6.8 MEDIUM 8.8 HIGH
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVE-2018-5848 3 Debian, Google, Redhat 6 Debian Linux, Android, Enterprise Linux Desktop and 3 more 2019-05-02 4.6 MEDIUM 7.8 HIGH
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2018-6064 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more 2019-05-02 6.8 MEDIUM 8.8 HIGH
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-10746 2 Debian, Redhat 2 Debian Linux, Libvirt 2019-05-01 5.0 MEDIUM 7.5 HIGH
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVE-2017-1000421 2 Debian, Gifsicle Project 2 Debian Linux, Gifsicle 2019-04-30 7.5 HIGH 9.8 CRITICAL
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
CVE-2017-1000456 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-04-30 6.8 MEDIUM 8.8 HIGH
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVE-2017-16804 2 Debian, Redmine 2 Debian Linux, Redmine 2019-04-30 4.0 MEDIUM 4.3 MEDIUM
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.