Search Results (Refine Search)
- CPE Product Version: cpe:/o:debian:debian_linux:9.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-5268 |
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file. Published: January 08, 2018; 12:29:00 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-5208 |
In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. Published: January 06, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-5207 |
When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. Published: January 06, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-5206 |
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. Published: January 06, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-5205 |
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. Published: January 06, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-5248 |
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. Published: January 05, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1665 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. Published: January 04, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5753 |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Published: January 04, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.1: 5.6 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2017-5715 |
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Published: January 04, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.1: 5.6 MEDIUM V2.0: 1.9 LOW |
CVE-2017-1000487 |
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. Published: January 03, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000472 |
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability". Published: January 03, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2017-1000501 |
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. Published: January 03, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000433 |
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. Published: January 02, 2018; 6:29:00 PM -0500 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1000422 |
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution Published: January 02, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1000421 |
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution Published: January 02, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000456 |
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. Published: January 02, 2018; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1000450 |
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier. Published: January 02, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1000445 |
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service Published: January 02, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17760 |
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. Published: December 29, 2017; 1:29:00 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17915 |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. Published: December 27, 2017; 12:08:22 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |