Filtered by vendor Debian
Subscribe
Search
Total
1227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0495 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-8104 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-02-13 | 4.7 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |||||
| CVE-2015-5307 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2019-02-12 | 4.9 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | |||||
| CVE-2015-4896 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-4737 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. | |||||
| CVE-2015-4752 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2019-02-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. | |||||
| CVE-2015-4757 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2019-02-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2019-02-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | |||||
| CVE-2015-4813 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-2620 | 4 Canonical, Debian, Juniper and 1 more | 5 Ubuntu Linux, Debian Linux, Junos Space and 2 more | 2019-02-05 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. | |||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-02-05 | 3.5 LOW | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | |||||
| CVE-2015-2648 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2015-2643 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-2594 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-05 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | |||||
| CVE-2015-2571 | 4 Canonical, Debian, Novell and 1 more | 7 Ubuntu Linux, Debian Linux, Suse Linux and 4 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-2568 | 4 Canonical, Debian, Novell and 1 more | 8 Ubuntu Linux, Debian Linux, Suse Linux and 5 more | 2019-02-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | |||||
| CVE-2015-0374 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2019-02-01 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. | |||||
| CVE-2015-0433 | 4 Canonical, Debian, Novell and 1 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2019-02-01 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | |||||
| CVE-2015-0381 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2019-02-01 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | |||||
| CVE-2015-0382 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2019-02-01 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. | |||||
| CVE-2015-0441 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2019-02-01 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. | |||||
| CVE-2015-0499 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-01 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | |||||
| CVE-2014-9015 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2018-12-20 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | |||||
| CVE-2014-6568 | 5 Canonical, Debian, Fedoraproject and 2 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2018-12-18 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. | |||||
| CVE-2014-3166 | 5 Apple, Debian, Google and 2 more | 6 Mac Os X, Debian Linux, Android and 3 more | 2018-12-13 | 5.0 MEDIUM | N/A |
| The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. | |||||
| CVE-2014-2709 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2018-12-13 | 7.5 HIGH | N/A |
| lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. | |||||
| CVE-2014-2327 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2018-12-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. | |||||
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2018-12-13 | 6.5 MEDIUM | N/A |
| lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2013-6632 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-12-13 | 9.3 HIGH | N/A |
| Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. | |||||
| CVE-2013-4494 | 2 Debian, Xen | 2 Debian Linux, Xen | 2018-12-13 | 5.2 MEDIUM | N/A |
| Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. | |||||
| CVE-2012-4533 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2018-12-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. | |||||
| CVE-2012-3167 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2018-12-04 | 3.5 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. | |||||
| CVE-2008-4360 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2018-11-29 | 7.5 HIGH | N/A |
| mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. | |||||
| CVE-2008-4359 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2018-11-29 | 7.5 HIGH | N/A |
| lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. | |||||
| CVE-2006-0042 | 2 Apache, Debian | 2 Libapreq2, Debian Linux | 2018-11-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. | |||||
| CVE-2013-6435 | 2 Debian, Rpm | 2 Debian Linux, Rpm | 2018-11-29 | 7.6 HIGH | N/A |
| Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory. | |||||
| CVE-2010-3310 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-27 | 1.9 LOW | N/A |
| Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bind and rose_connect functions. | |||||
| CVE-2010-1087 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 7.8 HIGH | N/A |
| The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible. | |||||
| CVE-2010-1086 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 7.8 HIGH | N/A |
| The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE. | |||||
| CVE-2010-0307 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-16 | 4.7 MEDIUM | N/A |
| The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | |||||
| CVE-2010-0410 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-16 | 4.9 MEDIUM | N/A |
| drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. | |||||
| CVE-2010-0291 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 4.6 MEDIUM | N/A |
| The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | |||||
| CVE-2010-0159 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-16 | 10.0 HIGH | N/A |
| The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | |||||
| CVE-2010-0003 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 5.4 MEDIUM | N/A |
| The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. | |||||
| CVE-2009-4538 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 10.0 HIGH | N/A |
| drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537. | |||||
| CVE-2009-4537 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 7.8 HIGH | N/A |
| drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389. | |||||
| CVE-2009-4536 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-11-16 | 7.8 HIGH | N/A |
| drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385. | |||||
| CVE-2009-1895 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-08 | 7.2 HIGH | N/A |
| The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). | |||||
| CVE-2009-1888 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2018-11-08 | 5.8 MEDIUM | N/A |
| The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | |||||
| CVE-2009-1633 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2018-11-08 | 7.1 HIGH | N/A |
| Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. | |||||