Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9158 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2025-04-20 | N/A |
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | ||||
CVE-2017-9936 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2025-04-20 | N/A |
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | ||||
CVE-2017-9929 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2025-04-20 | 5.5 Medium |
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. | ||||
CVE-2017-9988 | 2 Debian, Libming | 2 Debian Linux, Libming | 2025-04-20 | N/A |
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | ||||
CVE-2017-9928 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2025-04-20 | 5.5 Medium |
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. | ||||
CVE-2017-9989 | 2 Debian, Libming | 2 Debian Linux, Libming | 2025-04-20 | N/A |
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | ||||
CVE-2017-9776 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2025-04-20 | N/A |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2017-9766 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | ||||
CVE-2017-9865 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | ||||
CVE-2017-9739 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2025-04-20 | N/A |
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9868 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2025-04-20 | N/A |
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | ||||
CVE-2017-9992 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2017-6310 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2025-04-20 | N/A |
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. | ||||
CVE-2017-9525 | 3 Canonical, Cron Project, Debian | 3 Ubuntu Linux, Cron, Debian Linux | 2025-04-20 | 6.7 Medium |
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. | ||||
CVE-2017-9469 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | N/A |
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. | ||||
CVE-2017-9468 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | N/A |
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | ||||
CVE-2017-9503 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 5.5 Medium |
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. | ||||
CVE-2017-9612 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2025-04-20 | N/A |
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9406 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2025-04-20 | N/A |
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | ||||
CVE-2017-9375 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2025-04-20 | 5.5 Medium |
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. |