Note:
This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-09-11 | CVE-2017-7650 | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. | Debian_linux, Mosquitto | 6.5 | ||
2017-04-09 | CVE-2017-7612 | The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | Ubuntu_linux, Debian_linux, Elfutils | 5.5 | ||
2017-04-09 | CVE-2017-7611 | The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | Ubuntu_linux, Debian_linux, Elfutils | 5.5 | ||
2017-04-09 | CVE-2017-7610 | The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | Ubuntu_linux, Debian_linux, Elfutils | 5.5 | ||
2017-04-09 | CVE-2017-7608 | The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. | Ubuntu_linux, Debian_linux, Elfutils | 5.5 | ||
2018-03-01 | CVE-2017-6928 | Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. | Debian_linux, Drupal | 5.3 | ||
2017-03-12 | CVE-2017-6816 | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | Debian_linux, Wordpress | 4.9 | ||
2017-03-06 | CVE-2017-6499 | An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | Debian_linux, Imagemagick | 5.5 | ||
2017-02-17 | CVE-2017-6014 | In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | Debian_linux, Wireshark | 7.5 | ||
2015-02-19 | CVE-2015-1592 | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. | Debian_linux, Movable_type | N/A |