Total
8866 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5205 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | |||||
| CVE-2016-7800 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | |||||
| CVE-2017-3244 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2017-3463 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-5667 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. | |||||
| CVE-2016-7155 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds access or infinite loop, and QEMU process crash) via a crafted page count for descriptor rings. | |||||
| CVE-2017-6056 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | |||||
| CVE-2017-8347 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-6302 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | |||||
| CVE-2016-2198 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registers. A privileged user inside quest could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2017-6817 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | |||||
| CVE-2016-9911 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. | |||||
| CVE-2016-2317 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | |||||
| CVE-2016-9830 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | |||||
| CVE-2015-8613 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 1.9 LOW | 6.5 MEDIUM |
| Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | |||||
| CVE-2017-6832 | 2 Audiofile, Debian | 2 Audiofile, Debian Linux | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-8105 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||||
| CVE-2016-9103 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 6.0 MEDIUM |
| The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them. | |||||
| CVE-2016-9401 | 3 Debian, Gnu, Redhat | 8 Debian Linux, Bash, Enterprise Linux Desktop and 5 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | |||||
| CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | |||||