Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9993 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16996 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. | ||||
| CVE-2017-2295 | 3 Debian, Puppet, Redhat | 4 Debian Linux, Puppet, Satellite and 1 more | 2025-04-20 | N/A |
| Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | ||||
| CVE-2017-16526 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. | ||||
| CVE-2017-15868 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | ||||
| CVE-2017-5203 | 3 Debian, Redhat, Tcpdump | 9 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-20 | N/A |
| The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | ||||
| CVE-2017-17855 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. | ||||
| CVE-2017-17854 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | ||||
| CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | ||||
| CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | ||||
| CVE-2017-2870 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2025-04-20 | 7.8 High |
| An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | ||||
| CVE-2017-17784 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 7.8 High |
| In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | ||||
| CVE-2017-5522 | 2 Debian, Osgeo | 2 Debian Linux, Mapserver | 2025-04-20 | N/A |
| Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | ||||
| CVE-2017-16899 | 2 Debian, Xfig Project | 2 Debian Linux, Xfig | 2025-04-20 | N/A |
| An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. | ||||
| CVE-2017-16944 | 2 Debian, Exim | 2 Debian Linux, Exim | 2025-04-20 | N/A |
| The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | ||||
| CVE-2017-16943 | 2 Debian, Exim | 2 Debian Linux, Exim | 2025-04-20 | N/A |
| The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. | ||||
| CVE-2017-16612 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxcursor | 2025-04-20 | N/A |
| libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. | ||||
| CVE-2017-14482 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Emacs, Enterprise Linux | 2025-04-20 | N/A |
| GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | ||||
| CVE-2017-16611 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxfont | 2025-04-20 | 5.5 Medium |
| In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | ||||
| CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2025-04-20 | N/A |
| The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | ||||
| CVE-2017-7889 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-20 | 7.8 High |
| The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | ||||