linux
by Debian
Source repositories
CVEs (3,015)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17432 | Hig | 0.49 | 7.5 | 0.03 | Dec 6, 2017 | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | ||
| CVE-2017-8821 | Hig | 0.49 | 7.5 | 0.02 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which… | ||
| CVE-2017-8820 | Hig | 0.49 | 7.5 | 0.02 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed… | ||
| CVE-2017-8819 | Hig | 0.49 | 7.5 | 0.01 | Dec 3, 2017 | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to… | ||
| CVE-2017-16612 | Hig | 0.49 | 7.5 | 0.05 | Dec 1, 2017 | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through… | ||
| CVE-2017-17084 | Hig | 0.49 | 7.5 | 0.03 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | ||
| CVE-2017-17083 | Hig | 0.49 | 7.5 | 0.03 | Dec 1, 2017 | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. | ||
| CVE-2017-15923 | Hig | 0.49 | 7.5 | 0.03 | Nov 15, 2017 | Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. | ||
| CVE-2017-8815 | Hig | 0.49 | 7.5 | 0.02 | Nov 15, 2017 | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. | ||
| CVE-2017-8814 | Hig | 0.49 | 7.5 | 0.02 | Nov 15, 2017 | The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | ||
| CVE-2017-8810 | Hig | 0.49 | 7.5 | 0.02 | Nov 15, 2017 | MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct… | ||
| CVE-2017-15723 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2017 | In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | ||
| CVE-2017-15721 | Hig | 0.49 | 7.5 | 0.02 | Oct 22, 2017 | In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. | ||
| CVE-2015-5177 | Hig | 0.49 | 7.5 | 0.06 | Oct 22, 2017 | Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | ||
| CVE-2017-10388 | Hig | 0.49 | 7.5 | 0.03 | Oct 19, 2017 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with… | ||
| CVE-2017-15577 | Hig | 0.49 | 7.5 | 0.02 | Oct 18, 2017 | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | ||
| CVE-2017-15576 | Hig | 0.49 | 7.5 | 0.02 | Oct 18, 2017 | Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | ||
| CVE-2017-15572 | Hig | 0.49 | 7.5 | 0.02 | Oct 18, 2017 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | ||
| CVE-2017-15191 | Hig | 0.49 | 7.5 | 0.03 | Oct 10, 2017 | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | ||
| CVE-2017-1000115 | Hig | 0.49 | 7.5 | 0.05 | Oct 5, 2017 | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository |
- risk 0.49cvss 7.5epss 0.03
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
- risk 0.49cvss 7.5epss 0.02
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which…
- risk 0.49cvss 7.5epss 0.02
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed…
- risk 0.49cvss 7.5epss 0.01
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to…
- risk 0.49cvss 7.5epss 0.05
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through…
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
- risk 0.49cvss 7.5epss 0.03
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
- risk 0.49cvss 7.5epss 0.02
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
- risk 0.49cvss 7.5epss 0.02
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
- risk 0.49cvss 7.5epss 0.02
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct…
- risk 0.49cvss 7.5epss 0.02
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
- risk 0.49cvss 7.5epss 0.02
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.
- risk 0.49cvss 7.5epss 0.06
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
- risk 0.49cvss 7.5epss 0.03
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with…
- risk 0.49cvss 7.5epss 0.02
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.02
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.02
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
- risk 0.49cvss 7.5epss 0.03
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
- risk 0.49cvss 7.5epss 0.05
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository
Page 37 of 151