Total
8866 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5204 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | |||||
CVE-2017-8354 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
CVE-2016-1981 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. | |||||
CVE-2017-9078 | 3 Debian, Dropbear Ssh Project, Netapp | 4 Debian Linux, Dropbear Ssh, H410c and 1 more | 2024-02-28 | 8.5 HIGH | 8.8 HIGH |
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | |||||
CVE-2017-9079 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | |||||
CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||
CVE-2017-9065 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | |||||
CVE-2017-5987 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. | |||||
CVE-2017-7613 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||||
CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||||
CVE-2016-8682 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||||
CVE-2016-2090 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. | |||||
CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
CVE-2017-8849 | 2 Debian, Smb4k Project | 2 Debian Linux, Smb4k | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. | |||||
CVE-2016-2373 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability. | |||||
CVE-2016-10160 | 3 Debian, Netapp, Php | 3 Debian Linux, Clustered Data Ontap, Php | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | |||||
CVE-2015-8619 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | |||||
CVE-2017-6305 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." | |||||
CVE-2016-5424 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-28 | 4.6 MEDIUM | 7.1 HIGH |
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | |||||
CVE-2017-9066 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. |