Filtered by vendor Debian
Subscribe
Search
Total
2612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11027 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2020-05-11 | 5.5 MEDIUM | 8.1 HIGH |
| In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). | |||||
| CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2020-05-08 | 6.8 MEDIUM | 8.1 HIGH |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-9481 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2020-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | |||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 9 Ubuntu Linux, Debian Linux, Git and 6 more | 2020-05-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | |||||
| CVE-2017-12135 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2020-04-14 | 4.6 MEDIUM | 8.8 HIGH |
| Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |||||
| CVE-2020-5291 | 4 Archlinux, Centos, Debian and 1 more | 4 Arch Linux, Centos, Debian Linux and 1 more | 2020-04-02 | 8.5 HIGH | 7.8 HIGH |
| Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. | |||||
| CVE-2018-1000222 | 3 Canonical, Debian, Libgd | 3 Ubuntu Linux, Debian Linux, Libgd | 2020-03-31 | 6.8 MEDIUM | 8.8 HIGH |
| Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5. | |||||
| CVE-2018-18226 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | |||||
| CVE-2018-19627 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | |||||
| CVE-2018-19628 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. | |||||
| CVE-2018-19622 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | |||||
| CVE-2018-11358 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. | |||||
| CVE-2018-11359 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference. | |||||
| CVE-2018-11360 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow. | |||||
| CVE-2018-11362 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character. | |||||
| CVE-2018-11356 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record. | |||||
| CVE-2018-11357 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |||||
| CVE-2018-14339 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation. | |||||
| CVE-2018-14340 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read. | |||||
| CVE-2018-14341 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | |||||
| CVE-2018-14342 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. | |||||
| CVE-2018-14343 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. | |||||
| CVE-2018-14368 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long. | |||||
| CVE-2018-14369 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression. | |||||
| CVE-2018-19623 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. | |||||
| CVE-2018-18227 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |||||
| CVE-2017-8073 | 2 Debian, Weechat | 2 Debian Linux, Weechat | 2020-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. | |||||
| CVE-2017-11173 | 2 Debian, Rack-cors Project | 2 Debian Linux, Rack-cors | 2020-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. | |||||
| CVE-2015-8971 | 2 Debian, Enlightenment | 2 Debian Linux, Terminology | 2020-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | |||||
| CVE-2015-1396 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2020-02-17 | 6.4 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | |||||
| CVE-2017-17912 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | |||||
| CVE-2017-17915 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | |||||
| CVE-2017-17913 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | |||||
| CVE-2019-18634 | 2 Debian, Sudo Project | 2 Debian Linux, Sudo | 2020-02-07 | 4.6 MEDIUM | 7.8 HIGH |
| In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. | |||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2020-02-07 | 9.3 HIGH | 7.8 HIGH |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | |||||
| CVE-2017-9462 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2020-02-05 | 9.0 HIGH | 8.8 HIGH |
| In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||||
| CVE-2018-8019 | 2 Apache, Debian | 2 Tomcat Native, Debian Linux | 2020-02-03 | 4.3 MEDIUM | 7.4 HIGH |
| When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability. | |||||
| CVE-2015-0243 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-0242 | 3 Debian, Microsoft, Postgresql | 3 Debian Linux, Windows, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | |||||
| CVE-2015-0241 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | |||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
| CVE-2017-16669 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-27 | 6.8 MEDIUM | 8.8 HIGH |
| coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | |||||
| CVE-2017-17783 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-27 | 5.1 MEDIUM | 7.5 HIGH |
| In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | |||||
| CVE-2017-17782 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2020-01-27 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |||||
| CVE-2019-20373 | 2 Debian, Ltsp | 2 Debian Linux, Ldm | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | |||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 8 Bsd Mailx, Debian Linux, Enterprise Linux Desktop and 5 more | 2020-01-21 | 7.2 HIGH | 7.8 HIGH |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | |||||
| CVE-2018-16227 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. | |||||
| CVE-2018-16451 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |||||
| CVE-2018-14461 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). | |||||
| CVE-2018-14464 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2020-01-20 | 5.0 MEDIUM | 7.5 HIGH |
| The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). | |||||