Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5126 2 Debian, Google 2 Debian Linux, Chrome 2018-02-22 6.8 MEDIUM 8.8 HIGH
A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2017-5129 2 Debian, Google 2 Debian Linux, Chrome 2018-02-22 6.8 MEDIUM 8.8 HIGH
A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-15389 2 Debian, Google 2 Debian Linux, Chrome 2018-02-22 4.3 MEDIUM 6.5 MEDIUM
An insufficient watchdog timer in navigation in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15388 2 Debian, Google 2 Debian Linux, Chrome 2018-02-22 6.8 MEDIUM 8.8 HIGH
Iteration through non-finite points in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2018-0486 2 Debian, Shibboleth 2 Debian Linux, Xmltooling-c 2018-02-15 6.4 MEDIUM 6.5 MEDIUM
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.
CVE-2018-5704 2 Debian, Openocd 2 Debian Linux, Open On-chip Debugger 2018-02-09 9.3 HIGH 9.6 CRITICAL
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
CVE-2001-0136 4 Conectiva, Debian, Mandrakesoft and 1 more 4 Linux, Debian Linux, Mandrake Linux and 1 more 2018-02-07 5.0 MEDIUM N/A
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
CVE-2017-16852 2 Debian, Shibboleth 2 Debian Linux, Service Provider 2018-02-03 6.8 MEDIUM 8.1 HIGH
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
CVE-2017-13723 2 Debian, X.org 2 Debian Linux, Xorg-server 2018-02-03 4.6 MEDIUM 7.8 HIGH
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
CVE-2017-17845 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-03 7.5 HIGH 7.3 HIGH
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
CVE-2017-17846 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
CVE-2017-17847 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.
CVE-2017-16853 2 Debian, Shibboleth 2 Debian Linux, Opensaml 2018-02-03 6.8 MEDIUM 8.1 HIGH
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
CVE-2017-17084 2 Debian, Wireshark 2 Debian Linux, Wireshark 2018-02-03 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
CVE-2017-17083 2 Debian, Wireshark 2 Debian Linux, Wireshark 2018-02-03 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
CVE-2017-1000472 2 Debian, Pocoproject 2 Debian Linux, Poco 2018-02-03 5.8 MEDIUM 6.5 MEDIUM
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
CVE-2017-15953 2 Bchunk Project, Debian 2 Bchunk, Debian Linux 2018-02-03 4.3 MEDIUM 5.5 MEDIUM
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
CVE-2017-15954 2 Bchunk Project, Debian 2 Bchunk, Debian Linux 2018-02-03 4.3 MEDIUM 5.5 MEDIUM
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
CVE-2017-17085 2 Debian, Wireshark 2 Debian Linux, Wireshark 2018-02-03 5.0 MEDIUM 7.5 HIGH
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
CVE-2017-15955 2 Bchunk Project, Debian 2 Bchunk, Debian Linux 2018-02-03 4.3 MEDIUM 5.5 MEDIUM
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.