Debian

All CVEs

3,372 total · sorted by risk
  • CVE-2017-13760 · Med · Aug 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.

  • CVE-2017-13756 · Med · Aug 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

  • CVE-2017-13755 · Med · Aug 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.

  • CVE-2017-3735 · Med · Aug 28, 2017
    risk 0.36 · cvss 5.3 · epss 0.18

    While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and…

  • CVE-2015-8621 · Med · Aug 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.

  • CVE-2017-10806 · Med · Aug 2, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

  • CVE-2017-11733 · Med · Jul 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-11732 · Med · Jul 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-11434 · Med · Jul 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string.

  • CVE-2017-10995 · Med · Jul 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.

  • CVE-2015-8697 · Med · Jun 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    stalin 0.11-5 allows local users to write to arbitrary files.

  • CVE-2017-9929 · Med · Jun 26, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9928 · Med · Jun 26, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9868 · Med · Jun 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

  • CVE-2017-9865 · Med · Jun 25, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

  • CVE-2017-9503 · Med · Jun 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.

  • CVE-2017-9375 · Med · Jun 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.

  • CVE-2017-9373 · Med · Jun 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.

  • CVE-2017-9330 · Med · Jun 8, 2017
    risk 0.36 · cvss 5.6 · epss 0.00

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.

  • CVE-2017-9310 · Med · Jun 8, 2017
    risk 0.36 · cvss 5.6 · epss 0.00

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated…

  • CVE-2017-8314 · Med · May 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.

  • CVE-2017-8312 · Med · May 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.

  • CVE-2017-8925 · Med · May 12, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.

  • CVE-2017-8846 · Med · May 8, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.

  • CVE-2017-7718 · Med · Apr 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_…

  • CVE-2017-7697 · Med · Apr 11, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.

  • CVE-2016-5322 · Med · Apr 11, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

  • CVE-2017-7613 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.

  • CVE-2017-7612 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7611 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7610 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-7608 · Med · Apr 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.

  • CVE-2017-5973 · Med · Mar 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

  • CVE-2016-9556 · Med · Mar 23, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.

  • CVE-2017-6836 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2017-6834 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2017-6832 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2017-6831 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.03

    Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2017-5987 · Med · Mar 20, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

  • CVE-2016-10247 · Med · Mar 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

  • CVE-2016-10246 · Med · Mar 16, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

  • CVE-2017-6314 · Med · Mar 10, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

  • CVE-2017-6312 · Med · Mar 10, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.

  • CVE-2016-5315 · Med · Mar 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

  • CVE-2013-5653 · Med · Mar 7, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

  • CVE-2017-6500 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

  • CVE-2017-6499 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).

  • CVE-2017-6498 · Med · Mar 6, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.

  • CVE-2016-9830 · Med · Mar 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

  • CVE-2017-5976 · Med · Mar 1, 2017
    risk 0.36 · cvss 5.5 · epss 0.02

    Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
