Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-12-06 | CVE-2017-17434 | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. | Debian_linux, Rsync | 9.8 | ||
2017-12-11 | CVE-2017-17500 | ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | Debian_linux, Graphicsmagick | 8.8 | ||
2017-12-11 | CVE-2017-17501 | WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | Debian_linux, Graphicsmagick | 8.8 | ||
2017-12-11 | CVE-2017-17502 | ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | Debian_linux, Graphicsmagick | 8.8 | ||
2017-12-11 | CVE-2017-17503 | ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | Debian_linux, Graphicsmagick | 8.8 | ||
2017-12-20 | CVE-2017-17782 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | Debian_linux, Graphicsmagick | 8.8 | ||
2017-12-20 | CVE-2017-17783 | In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | Debian_linux, Graphicsmagick | 7.5 | ||
2017-12-27 | CVE-2017-17843 | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. | Debian_linux, Enigmail | 5.9 | ||
2017-12-27 | CVE-2017-17844 | An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. | Debian_linux, Enigmail | 6.5 | ||
2017-12-27 | CVE-2017-17845 | An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. | Debian_linux, Enigmail | 7.3 |