Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9272 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5856 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 4.9 MEDIUM 6.5 MEDIUM
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
CVE-2017-10111 4 Debian, Netapp, Oracle and 1 more 25 Debian Linux, Active Iq Unified Manager, Cloud Backup and 22 more 2025-04-20 6.8 MEDIUM 9.6 CRITICAL
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2016-10149 2 Debian, Pysaml2 Project 2 Debian Linux, Pysaml2 2025-04-20 5.0 MEDIUM 7.5 HIGH
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2017-12640 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVE-2017-17458 2 Debian, Mercurial 2 Debian Linux, Mercurial 2025-04-20 10.0 HIGH 9.8 CRITICAL
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
CVE-2017-6312 3 Debian, Fedoraproject, Gnome 3 Debian Linux, Fedora, Gdk-pixbuf 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.
CVE-2017-6303 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 6.8 MEDIUM 7.8 HIGH
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
CVE-2016-8734 2 Apache, Debian 2 Subversion, Debian Linux 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.
CVE-2017-3652 2 Debian, Oracle 2 Debian Linux, Mysql 2025-04-20 4.9 MEDIUM 4.2 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).
CVE-2017-9503 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 1.9 LOW 5.5 MEDIUM
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVE-2017-14314 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-8925 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 2.1 LOW 5.5 MEDIUM
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-9373 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 1.9 LOW 5.5 MEDIUM
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
CVE-2017-3157 3 Apache, Debian, Redhat 8 Openoffice, Debian Linux, Enterprise Linux Desktop and 5 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.
CVE-2017-5946 2 Debian, Rubyzip Project 2 Debian Linux, Rubyzip 2025-04-20 7.5 HIGH 9.8 CRITICAL
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
CVE-2016-9401 3 Debian, Gnu, Redhat 8 Debian Linux, Bash, Enterprise Linux Desktop and 5 more 2025-04-20 2.1 LOW 5.5 MEDIUM
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVE-2017-17915 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVE-2017-13760 2 Debian, Sleuthkit 2 Debian Linux, The Sleuth Kit 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.
CVE-2017-5525 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 4.9 MEDIUM 6.5 MEDIUM
Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-13081 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.