Filtered by vendor Debian Subscriptions
Filtered by product Debian Linux Subscriptions
Total 10052 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8345 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
CVE-2017-14607 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2016-8692 4 Debian, Fedoraproject, Jasper Project and 1 more 4 Debian Linux, Fedora, Jasper and 1 more 2025-04-20 N/A
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
CVE-2017-14246 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2025-04-20 N/A
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVE-2015-7701 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2025-04-20 7.5 High
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVE-2017-16996 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
CVE-2015-7702 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2025-04-20 6.5 Medium
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2015-7850 3 Debian, Netapp, Ntp 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more 2025-04-20 6.5 Medium
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2017-14504 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
CVE-2017-16939 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-20 7.8 High
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVE-2017-14495 5 Canonical, Debian, Novell and 2 more 8 Ubuntu Linux, Debian Linux, Leap and 5 more 2025-04-20 N/A
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
CVE-2017-10114 4 Debian, Netapp, Oracle and 1 more 20 Debian Linux, Active Iq Unified Manager, Cloud Backup and 17 more 2025-04-20 8.3 High
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2017-5205 3 Debian, Redhat, Tcpdump 9 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-20 N/A
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
CVE-2015-1336 3 Canonical, Debian, Man-db Project 3 Ubuntu Linux, Debian Linux, Man-db 2025-04-20 N/A
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 23 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 20 more 2025-04-20 7.1 High
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-10197 3 Debian, Libevent Project, Redhat 3 Debian Linux, Libevent, Enterprise Linux 2025-04-20 7.5 High
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVE-2015-5300 7 Canonical, Debian, Fedoraproject and 4 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2025-04-20 N/A
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
CVE-2017-13079 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2025-04-20 N/A
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13080 7 Canonical, Debian, Freebsd and 4 more 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more 2025-04-20 N/A
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-7668 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Debian Linux and 13 more 2025-04-20 7.5 High
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.