Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9273 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-10053 5 Debian, Netapp, Oracle and 2 more 28 Debian Linux, Active Iq Unified Manager, Cloud Backup and 25 more 2025-04-20 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2017-11714 2 Artifex, Debian 2 Ghostscript, Debian Linux 2025-04-20 6.8 MEDIUM 7.8 HIGH
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2016-2317 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
CVE-2015-6748 2 Debian, Jsoup 2 Debian Linux, Jsoup 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
CVE-2017-17845 2 Debian, Enigmail 2 Debian Linux, Enigmail 2025-04-20 7.5 HIGH 7.3 HIGH
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
CVE-2017-12603 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 6.8 MEDIUM 8.8 HIGH
OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
CVE-2017-8386 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-20 6.5 MEDIUM 8.8 HIGH
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
CVE-2017-14246 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2025-04-20 5.8 MEDIUM 8.1 HIGH
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVE-2016-9131 4 Debian, Isc, Netapp and 1 more 12 Debian Linux, Bind, Data Ontap Edge and 9 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
CVE-2017-16532 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 7.2 HIGH 6.6 MEDIUM
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2016-9556 3 Debian, Imagemagick, Opensuse Project 3 Debian Linux, Imagemagick, Leap 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2017-13078 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-6815 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 5.8 MEDIUM 6.1 MEDIUM
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
CVE-2017-9216 2 Artifex, Debian 2 Jbig2dec, Debian Linux 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
CVE-2017-3238 4 Debian, Mariadb, Oracle and 1 more 9 Debian Linux, Mariadb, Mysql and 6 more 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVE-2015-2750 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-20 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
CVE-2017-12607 2 Apache, Debian 2 Openoffice, Debian Linux 2025-04-20 6.8 MEDIUM 7.8 HIGH
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2017-8345 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2015-6674 2 Debian, Inspircd 2 Debian Linux, Inspircd 2025-04-20 7.5 HIGH 9.8 CRITICAL
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.
CVE-2016-10246 2 Artifex, Debian 2 Mupdf, Debian Linux 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.