Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9158 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6801 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | ||||
CVE-2017-6964 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2025-04-20 | 7.8 High |
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. | ||||
CVE-2017-6469 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | ||||
CVE-2017-6467 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | ||||
CVE-2017-6470 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | ||||
CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 7.1 High |
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | ||||
CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 5.5 Medium |
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | ||||
CVE-2017-6471 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. | ||||
CVE-2017-6307 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2025-04-20 | N/A |
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. | ||||
CVE-2017-6306 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." | ||||
CVE-2017-6308 | 2 Debian, Tnef Project | 2 Debian Linux, Tnef | 2025-04-20 | N/A |
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. | ||||
CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | ||||
CVE-2015-6748 | 3 Debian, Jsoup, Redhat | 4 Debian Linux, Jsoup, Jboss Bpms and 1 more | 2025-04-20 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | ||||
CVE-2017-6305 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." | ||||
CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 5.5 Medium |
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | ||||
CVE-2017-6472 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | ||||
CVE-2017-6299 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | ||||
CVE-2017-6301 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." | ||||
CVE-2017-6302 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | N/A |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | ||||
CVE-2017-6188 | 2 Debian, Munin-monitoring | 2 Debian Linux, Munin | 2025-04-20 | 5.5 Medium |
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. |