15 matches found
DEBIAN-CVE-2017-17811
In Netwide Assembler NASM 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in pastetokens in asm/preproc.c, a similar issue to CVE-2017-11111...
DEBIAN-CVE-2017-17532
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17528
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
DEBIAN-CVE-2017-17042
lib/yard/coreext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
DEBIAN-CVE-2017-16926
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker providing a source tree for Ohcount processing to execute arbitrary code as the user running Ohcount...
DEBIAN-CVE-2017-12901
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrpprint...
DEBIAN-CVE-2017-12868
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...
DEBIAN-CVE-2017-12669
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c...
CVE-2017-12670
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service...
DEBIAN-CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
DEBIAN-CVE-2017-10978
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in makesecret" and a denial of service...
DEBIAN-CVE-2017-7475
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FTLoadGlyph and FTRenderGlyph resulting in an application crash...
DEBIAN-CVE-2017-5506
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file...
DEBIAN-CVE-2017-6435
The parsestringnode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory corruption via a crafted plist file...
DEBIAN-CVE-2017-2371
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site...