Filtered by vendor Debian Subscriptions
Filtered by product Debian Linux Subscriptions
Total 10052 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-17866 2 Artifex, Debian 2 Mupdf, Debian Linux 2025-04-20 N/A
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2017-16532 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 6.6 Medium
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-13737 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
CVE-2017-6298 2 Debian, Ytnef Project 2 Debian Linux, Ytnef 2025-04-20 N/A
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
CVE-2017-16529 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 6.6 Medium
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16527 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 6.6 Medium
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-14994 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
CVE-2017-5092 4 Debian, Google, Microsoft and 1 more 4 Debian Linux, Chrome, Windows and 1 more 2025-04-20 N/A
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2017-5097 4 Debian, Google, Linux and 1 more 4 Debian Linux, Chrome, Linux Kernel and 1 more 2025-04-20 N/A
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2016-9843 10 Apple, Canonical, Debian and 7 more 27 Iphone Os, Mac Os X, Tvos and 24 more 2025-04-20 9.8 Critical
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2017-5526 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-12872 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2025-04-20 N/A
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input.
CVE-2017-5510 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 7.8 High
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2015-8504 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVE-2017-15672 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2025-04-20 N/A
The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
CVE-2017-9788 6 Apache, Apple, Debian and 3 more 18 Http Server, Mac Os X, Debian Linux and 15 more 2025-04-20 N/A
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVE-2017-5122 3 Debian, Google, Redhat 3 Debian Linux, Chrome, Rhel Extras 2025-04-20 N/A
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
CVE-2017-5116 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 8.8 High
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-5099 4 Debian, Google, Linux and 1 more 4 Debian Linux, Chrome, Linux Kernel and 1 more 2025-04-20 N/A
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.