Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10672 | 2 Debian, Xml-libxml Project | 2 Debian Linux, Xml-libxml | 2025-04-20 | 9.8 Critical |
| Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | ||||
| CVE-2017-5208 | 3 Debian, Icoutils Project, Redhat | 9 Debian Linux, Icoutils, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | ||||
| CVE-2017-3735 | 3 Debian, Openssl, Redhat | 3 Debian Linux, Openssl, Enterprise Linux | 2025-04-20 | N/A |
| While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. | ||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2025-04-20 | 5.5 Medium |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | ||||
| CVE-2017-12865 | 2 Debian, Intel | 2 Debian Linux, Connman | 2025-04-20 | 9.8 Critical |
| Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | ||||
| CVE-2017-10268 | 5 Debian, Mariadb, Netapp and 2 more | 19 Debian Linux, Mariadb, Active Iq Unified Manager and 16 more | 2025-04-20 | 4.1 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2017-9143 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 6.5 Medium |
| In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | ||||
| CVE-2017-8814 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-20 | N/A |
| The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | ||||
| CVE-2016-2318 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2025-04-20 | N/A |
| GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | ||||
| CVE-2017-3312 | 4 Debian, Mariadb, Oracle and 1 more | 5 Debian Linux, Mariadb, Mysql and 2 more | 2025-04-20 | 6.7 Medium |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). | ||||
| CVE-2017-2518 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | ||||
| CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | ||||
| CVE-2017-16525 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 6.6 Medium |
| The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | ||||
| CVE-2016-4570 | 2 Debian, Mini-xml Project | 2 Debian Linux, Mini-xml | 2025-04-20 | 5.5 Medium |
| The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | ||||
| CVE-2017-13024 | 3 Debian, Redhat, Tcpdump | 3 Debian Linux, Enterprise Linux, Tcpdump | 2025-04-20 | 9.8 Critical |
| The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | ||||
| CVE-2015-7871 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2025-04-20 | 9.8 Critical |
| Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | ||||
| CVE-2017-5667 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 6.5 Medium |
| The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. | ||||
| CVE-2017-9214 | 3 Debian, Openvswitch, Redhat | 6 Debian Linux, Openvswitch, Enterprise Linux and 3 more | 2025-04-20 | 9.8 Critical |
| In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | ||||
| CVE-2017-6300 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." | ||||
| CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 6.0 Medium |
| The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | ||||