Total
4150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11591 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||||
| CVE-2017-11473 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | |||||
| CVE-2017-11352 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. | |||||
| CVE-2017-11111 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-10689 | 3 Canonical, Puppet, Redhat | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | |||||
| CVE-2017-10686 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack. | |||||
| CVE-2017-1000476 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-1000445 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service | |||||
| CVE-2017-1000422 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | |||||
| CVE-2017-1000407 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 6.1 MEDIUM | 7.4 HIGH |
| The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. | |||||
| CVE-2017-1000050 | 4 Canonical, Fedoraproject, Jasper Project and 1 more | 6 Ubuntu Linux, Fedora, Jasper and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||||
| CVE-2017-0903 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. | |||||
| CVE-2017-0902 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | |||||
| CVE-2017-0901 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||||
| CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | |||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | |||||
| CVE-2016-9928 | 3 Canonical, Debian, Mcabber | 3 Ubuntu Linux, Debian Linux, Mcabber | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | |||||
| CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
| CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||||