Total
9991 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | |||||
| CVE-2017-12873 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | |||||
| CVE-2017-15098 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2025-04-20 | 5.5 MEDIUM | 8.1 HIGH |
| Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. | |||||
| CVE-2017-6300 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." | |||||
| CVE-2017-14994 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | |||||
| CVE-2017-13768 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | |||||
| CVE-2016-7448 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | |||||
| CVE-2016-6794 | 6 Apache, Canonical, Debian and 3 more | 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. | |||||
| CVE-2017-7697 | 2 Debian, Libsamplerate Project | 2 Debian Linux, Libsamplerate | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | |||||
| CVE-2017-3302 | 4 Debian, Mariadb, Oracle and 1 more | 8 Debian Linux, Mariadb, Mysql and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | |||||
| CVE-2017-11610 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Cloudforms and 1 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | |||||
| CVE-2017-14173 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | |||||
| CVE-2017-0901 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | |||||
| CVE-2017-17503 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2016-2366 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this vulnerability and cause a crash. | |||||
| CVE-2017-13711 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | |||||
| CVE-2017-8347 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-16516 | 2 Debian, Yajl-ruby Project | 2 Debian Linux, Yajl-ruby | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. | |||||
| CVE-2016-9775 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. | |||||
| CVE-2017-17433 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | |||||