Total
9174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8682 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||||
| CVE-2017-17784 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | |||||
| CVE-2017-17787 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | |||||
| CVE-2017-7863 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | |||||
| CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-3167 | 6 Apache, Apple, Debian and 3 more | 15 Http Server, Mac Os X, Debian Linux and 12 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | |||||
| CVE-2017-8823 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | |||||
| CVE-2017-5856 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. | |||||
| CVE-2017-10111 | 4 Debian, Netapp, Oracle and 1 more | 25 Debian Linux, Active Iq Unified Manager, Cloud Backup and 22 more | 2025-04-20 | 6.8 MEDIUM | 9.6 CRITICAL |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2016-10149 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||||
| CVE-2017-12640 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. | |||||
| CVE-2017-17458 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. | |||||
| CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | |||||
| CVE-2017-6303 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | |||||
| CVE-2016-8734 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. | |||||
| CVE-2017-3652 | 2 Debian, Oracle | 2 Debian Linux, Mysql | 2025-04-20 | 4.9 MEDIUM | 4.2 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2017-9503 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 1.9 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. | |||||
| CVE-2017-14314 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-8925 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | |||||
| CVE-2017-9373 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 1.9 LOW | 5.5 MEDIUM |
| Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. | |||||