Filtered by vendor Debian
Subscriptions
Total
9725 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7846 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Thunderbird, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7829 | 4 Canonical, Debian, Mozilla and 1 more | 9 Ubuntu Linux, Debian Linux, Thunderbird and 6 more | 2024-11-21 | N/A |
| It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | ||||
| CVE-2017-7805 | 3 Debian, Mozilla, Redhat | 4 Debian Linux, Firefox, Thunderbird and 1 more | 2024-11-21 | N/A |
| During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | ||||
| CVE-2017-7787 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | N/A |
| Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7786 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | N/A |
| A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7784 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | N/A |
| A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | ||||
| CVE-2017-7671 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | N/A |
| There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. | ||||
| CVE-2017-7658 | 6 Debian, Eclipse, Hp and 3 more | 21 Debian Linux, Jetty, Xp P9000 and 18 more | 2024-11-21 | 9.8 Critical |
| In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization. | ||||
| CVE-2017-7657 | 6 Debian, Eclipse, Hp and 3 more | 20 Debian Linux, Jetty, Xp P9000 and 17 more | 2024-11-21 | 9.8 Critical |
| In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request. | ||||
| CVE-2017-7656 | 3 Debian, Eclipse, Redhat | 3 Debian Linux, Jetty, Jboss Data Grid | 2024-11-21 | 7.5 High |
| In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response. | ||||
| CVE-2017-7655 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | 7.5 High |
| In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | ||||
| CVE-2017-7654 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker. | ||||
| CVE-2017-7653 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients. | ||||
| CVE-2017-7652 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available (default limit typically 1024 file descriptors on Linux), then opening the configuration file will fail. | ||||
| CVE-2017-7651 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur in connection phase of MQTT protocol. | ||||
| CVE-2017-7558 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. | ||||
| CVE-2017-7525 | 5 Debian, Fasterxml, Netapp and 2 more | 30 Debian Linux, Jackson-databind, Oncommand Balance and 27 more | 2024-11-21 | 9.8 Critical |
| A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | ||||
| CVE-2017-7519 | 2 Ceph, Debian | 2 Ceph, Debian Linux | 2024-11-21 | N/A |
| In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library. | ||||
| CVE-2017-7518 | 4 Canonical, Debian, Linux and 1 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | N/A |
| A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. | ||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2024-11-21 | 7.8 High |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | ||||