Debian Linux Security Vulnerabilities and Issues — Page 12 of Debian Linux CVE List

Lucene search

DebianDebian Linux

849 matches found

CVE•added 2017/04/24 11:59 p.m.•91 views

CVE-2017-5040

V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.

4.3CVSS4.8AI score0.03922EPSS

CVE•added 2017/05/02 2:59 p.m.•91 views

CVE-2017-8112

hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

6.5CVSS6.2AI score0.00056EPSS

CVE•added 2017/04/30 5:59 p.m.•91 views

CVE-2017-8355

In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5CVSS6.2AI score0.00657EPSS

CVE•added 2017/07/26 7:29 p.m.•91 views

CVE-2017-9835

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer ov...

7.8CVSS6.9AI score0.00353EPSS

CVE•added 2017/02/15 3:59 p.m.•90 views

CVE-2015-8979

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.

7.5CVSS7.3AI score0.00659EPSS

CVE•added 2017/01/06 9:59 p.m.•90 views

CVE-2016-2376

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet wh...

8.1CVSS8.2AI score0.06727EPSS

CVE•added 2017/03/01 8:59 p.m.•90 views

CVE-2016-9830

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

5.5CVSS6.8AI score0.00598EPSS

CVE•added 2017/08/07 3:29 p.m.•90 views

CVE-2017-12640

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.

8.8CVSS7.8AI score0.00923EPSS

CVE•added 2017/12/15 9:29 a.m.•90 views

CVE-2017-17670

In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.

8.8CVSS8.3AI score0.01254EPSS

CVE•added 2017/12/27 5:8 p.m.•90 views

CVE-2017-17879

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

8.8CVSS7.1AI score0.00954EPSS

CVE•added 2017/04/24 11:59 p.m.•90 views

CVE-2017-5044

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

6.8CVSS6.6AI score0.01013EPSS

CVE•added 2017/03/03 3:59 p.m.•90 views

CVE-2017-5194

Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.

7.5CVSS7.1AI score0.0187EPSS

CVE•added 2017/03/06 2:59 a.m.•90 views

CVE-2017-6499

An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).

5.5CVSS5.6AI score0.00275EPSS

CVE•added 2017/04/10 3:59 p.m.•90 views

CVE-2017-7377

The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.

6CVSS6AI score0.00075EPSS

CVE•added 2017/04/30 5:59 p.m.•90 views

CVE-2017-8345

In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5CVSS6.2AI score0.00962EPSS

CVE•added 2017/07/26 7:29 p.m.•90 views

CVE-2017-9612

The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS6.7AI score0.00392EPSS

CVE•added 2017/03/24 2:59 p.m.•89 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

7.5CVSS7.3AI score0.01774EPSS

CVE•added 2017/03/07 4:59 p.m.•89 views

CVE-2016-6255

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.

7.5CVSS8.3AI score0.56733EPSS

CVE•added 2017/02/06 5:59 p.m.•89 views

CVE-2016-7448

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

7.8CVSS8AI score0.04162EPSS

CVE•added 2017/08/24 2:29 p.m.•89 views

CVE-2017-12136

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

7.8CVSS6.4AI score0.00053EPSS

CVE•added 2017/08/23 6:29 a.m.•89 views

CVE-2017-13145

In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

6.5CVSS7.5AI score0.01329EPSS

CVE•added 2017/09/04 11:29 p.m.•89 views

CVE-2017-14136

OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.

6.5CVSS7.4AI score0.00966EPSS

CVE•added 2017/12/27 5:8 p.m.•89 views

CVE-2017-16996

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.

7.8CVSS7.5AI score0.00125EPSS

CVE•added 2017/10/27 5:29 a.m.•89 views

CVE-2017-5111

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

8.8CVSS8.5AI score0.01484EPSS

CVE•added 2017/04/13 5:59 p.m.•88 views

CVE-2015-8619

The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).

7.5CVSS7.7AI score0.03318EPSS

CVE•added 2017/03/23 6:59 p.m.•88 views

CVE-2016-9556

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

5.5CVSS6.4AI score0.00234EPSS

CVE•added 2017/07/28 5:29 a.m.•88 views

CVE-2017-11714

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_relo...

7.8CVSS6.7AI score0.00335EPSS

CVE•added 2017/08/29 6:29 a.m.•88 views

CVE-2017-13748

There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.

7.5CVSS7.1AI score0.02661EPSS

CVE•added 2017/08/30 9:29 a.m.•88 views

CVE-2017-13776

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.

7.1CVSS7AI score0.01071EPSS

CVE•added 2017/09/07 6:29 a.m.•88 views

CVE-2017-14175

In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over ...

7.1CVSS6.9AI score0.00579EPSS

CVE•added 2017/10/27 5:29 a.m.•88 views

CVE-2017-5117

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5CVSS6.3AI score0.00765EPSS

CVE•added 2017/03/24 3:59 p.m.•88 views

CVE-2017-5511

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.

9.8CVSS7.8AI score0.01355EPSS

CVE•added 2017/02/16 11:59 a.m.•88 views

CVE-2017-6009

An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a fai...

5.5CVSS5.8AI score0.0028EPSS

CVE•added 2017/04/30 5:59 p.m.•88 views

CVE-2017-8343

In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5CVSS6.2AI score0.00657EPSS

CVE•added 2017/04/30 5:59 p.m.•88 views

CVE-2017-8351

In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5CVSS6.2AI score0.00657EPSS

CVE•added 2017/06/02 7:29 p.m.•88 views

CVE-2017-9408

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

6.5CVSS6.2AI score0.01046EPSS

CVE•added 2017/07/26 7:29 p.m.•88 views

CVE-2017-9611

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS7.9AI score0.00392EPSS

CVE•added 2017/04/13 5:59 p.m.•87 views

CVE-2015-8345

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

6.5CVSS7AI score0.0007EPSS

CVE•added 2017/07/24 1:29 a.m.•87 views

CVE-2017-11591

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

7.5CVSS7.2AI score0.00491EPSS

CVE•added 2017/08/07 3:29 p.m.•87 views

CVE-2017-12643

ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.

7.1CVSS7.1AI score0.0126EPSS

CVE•added 2017/09/07 6:29 a.m.•87 views

CVE-2017-14172

In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" ...

7.1CVSS6.8AI score0.00579EPSS

CVE•added 2017/12/11 2:29 a.m.•87 views

CVE-2017-17504

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

6.5CVSS7AI score0.00979EPSS

CVE•added 2017/04/24 11:59 p.m.•87 views

CVE-2017-5035

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site.

8.1CVSS7.7AI score0.00435EPSS

CVE•added 2017/04/24 11:59 p.m.•87 views

CVE-2017-5043

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.

8.8CVSS8.2AI score0.01098EPSS

CVE•added 2017/10/27 5:29 a.m.•87 views

CVE-2017-5101

Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.

6.5CVSS6.2AI score0.01156EPSS

CVE•added 2017/04/30 5:59 p.m.•87 views

CVE-2017-8357

In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.

6.5CVSS6.2AI score0.00657EPSS

CVE•added 2017/09/25 5:29 p.m.•86 views

CVE-2015-6748

Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.

6.1CVSS6AI score0.02044EPSS

CVE•added 2017/10/16 1:29 p.m.•86 views

CVE-2016-8734

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

6.5CVSS6.7AI score0.06033EPSS

CVE•added 2017/04/24 11:59 p.m.•86 views

CVE-2017-5038

6.8CVSS6.7AI score0.00942EPSS

CVE•added 2017/04/18 7:59 p.m.•86 views

CVE-2017-7943

The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.

6.5CVSS6.6AI score0.01082EPSS

Total number of security vulnerabilities849