Filtered by vendor Debian
Subscribe
Search
Total
1227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0512 | 1 Debian | 1 Debian Linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. | |||||
| CVE-2000-1135 | 1 Debian | 1 Debian Linux | 2017-10-10 | 4.6 MEDIUM | N/A |
| fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. | |||||
| CVE-2000-1136 | 1 Debian | 1 Elvis Tiny | 2017-10-10 | 4.6 MEDIUM | N/A |
| elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. | |||||
| CVE-2001-0430 | 1 Debian | 1 Debian Linux | 2017-10-10 | 3.6 LOW | N/A |
| Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. | |||||
| CVE-2001-0125 | 3 Debian, Exmh, Mandrakesoft | 4 Debian Linux, Exmh, Mandrake Linux and 1 more | 2017-10-10 | 1.2 LOW | N/A |
| exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. | |||||
| CVE-2009-1341 | 1 Debian | 1 Libdbd-pg-perl | 2017-09-29 | 5.0 MEDIUM | N/A |
| Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2017-09-29 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2007-3919 | 2 Debian, Xensource Inc | 2 Debian Linux, Xen | 2017-09-29 | 6.0 MEDIUM | N/A |
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | |||||
| CVE-2015-5144 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2017-09-22 | 4.3 MEDIUM | N/A |
| Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. | |||||
| CVE-2015-1330 | 2 Canonical, Debian | 2 Ubuntu Linux, Unattended-upgrades | 2017-09-22 | 6.8 MEDIUM | N/A |
| unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | |||||
| CVE-2015-5143 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2017-09-22 | 7.8 HIGH | N/A |
| The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. | |||||
| CVE-2015-5400 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2017-09-22 | 6.8 MEDIUM | N/A |
| Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | |||||
| CVE-2015-5623 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2017-09-21 | 4.0 MEDIUM | N/A |
| WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php. | |||||
| CVE-2013-2855 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2900 | 3 Debian, Google, Microsoft | 3 Debian Linux, Chrome, Windows | 2017-09-19 | 7.5 HIGH | N/A |
| The FilePath::ReferencesParent function in files/file_path.cc in Google Chrome before 29.0.1547.57 on Windows does not properly handle pathname components composed entirely of . (dot) and whitespace characters, which allows remote attackers to conduct directory traversal attacks via a crafted directory name. | |||||
| CVE-2013-2901 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2902 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the XSLT ProcessingInstruction implementation in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to an applyXSLTransform call involving (1) an HTML document or (2) an xsl:processing-instruction element that is still in the process of loading. | |||||
| CVE-2013-2903 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument function in core/html/HTMLMediaElement.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving moving a (1) AUDIO or (2) VIDEO element between documents. | |||||
| CVE-2013-2904 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document. | |||||
| CVE-2013-2905 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file. | |||||
| CVE-2013-2856 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | |||||
| CVE-2013-2857 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | |||||
| CVE-2013-2858 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2859 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | |||||
| CVE-2013-2860 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | |||||
| CVE-2013-2861 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2862 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-2863 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 10.0 HIGH | N/A |
| Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-2865 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-2867 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Google Chrome before 28.0.1500.71 does not properly prevent pop-under windows, which allows remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2013-2868 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors. | |||||
| CVE-2013-2869 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 4.3 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted JPEG2000 image. | |||||
| CVE-2013-2870 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. | |||||
| CVE-2013-2873 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources. | |||||
| CVE-2013-2876 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | |||||
| CVE-2013-2878 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.0 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the handling of text. | |||||
| CVE-2013-2879 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.8 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site. | |||||
| CVE-2013-2881 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 5.8 MEDIUM | N/A |
| Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2013-2884 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the DOM implementation in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper tracking of which document owns an Attr object. | |||||
| CVE-2013-2882 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Openstack | 2017-09-19 | 7.5 HIGH | N/A |
| Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
| CVE-2013-2883 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to deleting the registration of a MutationObserver object. | |||||
| CVE-2013-2886 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-19 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2012-4048 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-09-19 | 3.3 LOW | N/A |
| The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. | |||||
| CVE-2015-1265 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-17 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-7498 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. | |||||
| CVE-2015-8241 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 6.4 MEDIUM | N/A |
| The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | |||||
| CVE-2015-7497 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2017-09-14 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2014-9112 | 2 Debian, Gnu | 2 Debian Linux, Cpio | 2017-09-08 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. | |||||
| CVE-2014-7209 | 1 Debian | 1 Mime-support | 2017-09-08 | 7.5 HIGH | N/A |
| run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||