Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12937 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||||
| CVE-2017-13063 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | |||||
| CVE-2017-12629 | 4 Apache, Canonical, Debian and 1 more | 5 Solr, Ubuntu Linux, Debian Linux and 2 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. | |||||
| CVE-2017-13775 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 7.1 HIGH | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | |||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | |||||
| CVE-2017-11714 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | |||||
| CVE-2017-13737 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |||||
| CVE-2017-12936 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | |||||
| CVE-2017-13065 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | |||||
| CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2023-11-07 | 4.3 MEDIUM | 4.7 MEDIUM |
| The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
| CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
| CVE-2016-9602 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host. | |||||
| CVE-2016-9578 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. | |||||
| CVE-2016-9376 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large. | |||||
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
| CVE-2016-9577 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | |||||
| CVE-2016-9603 | 4 Citrix, Debian, Qemu and 1 more | 9 Xenserver, Debian Linux, Qemu and 6 more | 2023-11-07 | 9.0 HIGH | 9.9 CRITICAL |
| A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. | |||||
| CVE-2017-0379 | 2 Debian, Gnupg | 2 Debian Linux, Libgcrypt | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | |||||
| CVE-2016-9601 | 2 Artifex, Debian | 3 Gpl Ghostscript, Jbig2dec, Debian Linux | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. | |||||
| CVE-2016-9939 | 2 Cryptopp, Debian | 2 Crypto\+\+, Debian Linux | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. | |||||