Vulnerabilities (CVE)

Vendor filter: Debian

3343 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12814 2 Fasterxml, Debian 2 Jackson-databind, Debian Linux 2019-06-23 4.3
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar...
CVE-2017-7654 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-06-20 5.0
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
CVE-2017-7653 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-06-20 3.5
The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic...
CVE-2017-7613 3 Elfutils Project, Canonical, Debian 3 Elfutils, Ubuntu Linux, Debian Linux 2019-06-20 4.3
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVE-2017-7612 3 Elfutils Project, Canonical, Debian 3 Elfutils, Ubuntu Linux, Debian Linux 2019-06-20 4.3
The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7611 3 Elfutils Project, Canonical, Debian 3 Elfutils, Ubuntu Linux, Debian Linux 2019-06-20 4.3
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7610 3 Elfutils Project, Canonical, Debian 3 Elfutils, Ubuntu Linux, Debian Linux 2019-06-20 4.3
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7608 3 Elfutils Project, Canonical, Debian 3 Elfutils, Ubuntu Linux, Debian Linux 2019-06-20 4.3
The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2018-1000164 2 Gunicorn, Debian 2 Gunicorn, Debian Linux 2019-06-19 5.0
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary...
CVE-2018-20346 5 Google, Sqlite, Debian and 2 more 5 Chrome, Sqlite, Debian Linux and 2 more 2019-06-19 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code...
CVE-2017-2520 2 Apple, Debian 6 Apple Tv, Watchos, Mac Os X and 3 more 2019-06-19 7.5
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote...
CVE-2017-2519 2 Apple, Debian 6 Apple Tv, Watchos, Mac Os X and 3 more 2019-06-19 7.5
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote...
CVE-2017-2518 2 Apple, Debian 6 Apple Tv, Watchos, Mac Os X and 3 more 2019-06-19 7.5
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote...
CVE-2019-0201 2 Apache, Debian 2 Zookeeper, Debian Linux 2019-06-19 4.3
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when it retrieves the ACLs of the requested node and returns all information contained in the ACL Id...
CVE-2016-2510 4 Beanshell Project, Debian, Beanshell and 1 more 4 Debian Linux, Beanshell, Beanshell and 1 more 2019-06-19 6.8
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2018-1000122 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-06-18 6.4
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.
CVE-2018-1000120 5 Haxx, Canonical, Debian and 2 more 8 Curl, Ubuntu Linux, Debian Linux and 5 more 2019-06-18 7.5
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-1000007 4 Haxx, Debian, Canonical and 1 more 6 Curl, Debian Linux, Ubuntu Linux and 3 more 2019-06-18 5.0
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to...
CVE-2018-1000005 3 Haxx, Debian, Canonical 3 Libcurl, Debian Linux, Ubuntu Linux 2019-06-18 6.4
libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was...
CVE-2019-12497 2 Otrs, Debian 2 Otrs, Debian Linux 2019-06-18 5.0
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name...