Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-12-14 | CVE-2017-17511 | KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | Debian_linux, Kildclient | 8.8 | ||
| 2017-12-02 | CVE-2017-17094 | wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | Debian_linux, Wordpress | 5.4 | ||
| 2017-12-02 | CVE-2017-17093 | wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | Debian_linux, Wordpress | 5.4 | ||
| 2017-12-02 | CVE-2017-17092 | wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | Debian_linux, Wordpress | 5.4 | ||
| 2017-12-08 | CVE-2017-16854 | In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | Debian_linux, Otrs | 6.5 | ||
| 2017-11-13 | CVE-2017-16804 | In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. | Debian_linux, Redmine | 4.3 | ||
| 2018-01-04 | CVE-2017-1665 | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. | Debian_linux, Security_key_lifecycle_manager | 5.9 | ||
| 2017-10-02 | CVE-2017-14977 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | Debian_linux, Poppler | 7.5 | ||
| 2017-10-02 | CVE-2017-14976 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | Debian_linux, Poppler | 7.5 | ||
| 2017-10-02 | CVE-2017-14975 | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | Debian_linux, Poppler | 7.5 |