Debian

Debian Linux

9950 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-14492

  • EPSS 92.84%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

9.8

CVE-2017-14493

Exploit
  • EPSS 5.34%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

5.9

CVE-2017-14494

  • EPSS 10.99%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

7.5

CVE-2017-14495

  • EPSS 53.32%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

7.8

CVE-2017-14496

  • EPSS 16.88%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

7.5

CVE-2017-13704

  • EPSS 79.32%
  • Veröffentlicht 03.10.2017 01:29:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platf...

7.5

CVE-2017-14975

Exploit
  • EPSS 1.1%
  • Veröffentlicht 02.10.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

7.5

CVE-2017-14976

Exploit
  • EPSS 1.09%
  • Veröffentlicht 02.10.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

7.5

CVE-2017-14977

Exploit
  • EPSS 1.1%
  • Veröffentlicht 02.10.2017 01:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

5.5

CVE-2017-14926

  • EPSS 0.29%
  • Veröffentlicht 30.09.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.