Filtered by vendor Debian
Subscribe
Search
Total
6968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17997 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | |||||
| CVE-2017-15191 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | |||||
| CVE-2017-11407 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||||
| CVE-2018-7600 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | |||||
| CVE-2018-7554 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2019-03-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | |||||
| CVE-2018-12397 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2019-03-01 | 3.6 LOW | 7.1 HIGH |
| A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63. | |||||
| CVE-2017-7747 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. | |||||
| CVE-2018-0496 | 2 Debian, Dinknetwork | 3 Debian Linux, Dfarc, Dfarc2 | 2019-03-01 | 6.4 MEDIUM | 7.5 HIGH |
| Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | |||||
| CVE-2017-7703 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | |||||
| CVE-2018-7537 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2019-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | |||||
| CVE-2018-7995 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
| ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory. NOTE: a third party has indicated that this report is not security relevant. | |||||
| CVE-2018-7033 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. | |||||
| CVE-2018-7050 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. | |||||
| CVE-2018-7051 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. | |||||
| CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2019-02-28 | 9.3 HIGH | 8.8 HIGH |
| The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | |||||
| CVE-2018-7052 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. | |||||
| CVE-2018-7053 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | |||||
| CVE-2018-8781 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-02-28 | 7.2 HIGH | 7.8 HIGH |
| The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. | |||||
| CVE-2018-9259 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. This was addressed in epan/dissectors/file-mp4.c by restricting the box recursion depth. | |||||
| CVE-2018-9260 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. This was addressed in epan/dissectors/packet-ieee802154.c by ensuring that an allocation step occurs. | |||||
| CVE-2018-9256 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. | |||||
| CVE-2018-9262 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-02-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. This was addressed in epan/dissectors/packet-vlan.c by limiting VLAN tag nesting to restrict the recursion depth. | |||||
| CVE-2018-9258 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2019-02-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by preserving valid data sources. | |||||
| CVE-2019-5783 | 2 Debian, Google | 2 Debian Linux, Chrome | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Missing URI encoding of untrusted input in DevTools in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform a Dangling Markup Injection attack via a crafted HTML page. | |||||
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2019-02-21 | 1.7 LOW | 3.8 LOW |
| The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2016-2105 | 7 Apple, Canonical, Debian and 4 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2019-02-21 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |||||
| CVE-2016-0705 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2019-02-20 | 10.0 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | |||||
| CVE-2016-0592 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core. | |||||
| CVE-2016-0495 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-14 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-8104 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2019-02-13 | 4.7 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |||||
| CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2019-02-12 | 8.0 HIGH | 7.6 HIGH |
| Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | |||||
| CVE-2015-5307 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2019-02-12 | 4.9 MEDIUM | N/A |
| The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | |||||
| CVE-2015-4896 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-4737 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth. | |||||
| CVE-2015-4752 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2019-02-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. | |||||
| CVE-2015-4757 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Mysql | 2019-02-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-3012 | 3 Debian, Kogmbh, Owncloud | 3 Debian Linux, Webodf, Owncloud | 2019-02-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI. | |||||
| CVE-2015-4813 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | |||||
| CVE-2015-3194 | 3 Canonical, Debian, Openssl | 3 Ubuntu Linux, Debian Linux, Openssl | 2019-02-07 | 5.0 MEDIUM | 7.5 HIGH |
| crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. | |||||
| CVE-2018-6152 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-02-05 | 6.8 MEDIUM | 9.6 CRITICAL |
| The implementation of the Page.downloadBehavior backend unconditionally marked downloaded files as safe, regardless of file type in Google Chrome prior to 66.0.3359.117 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page and user interaction. | |||||
| CVE-2015-2620 | 4 Canonical, Debian, Juniper and 1 more | 5 Ubuntu Linux, Debian Linux, Junos Space and 2 more | 2019-02-05 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges. | |||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-02-05 | 3.5 LOW | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | |||||
| CVE-2015-2648 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Mysql and 1 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2015-2643 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Mysql and 2 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-2594 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2019-02-05 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | |||||
| CVE-2015-2571 | 4 Canonical, Debian, Novell and 1 more | 7 Ubuntu Linux, Debian Linux, Suse Linux and 4 more | 2019-02-05 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
| CVE-2015-2568 | 4 Canonical, Debian, Novell and 1 more | 8 Ubuntu Linux, Debian Linux, Suse Linux and 5 more | 2019-02-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | |||||
| CVE-2015-0433 | 4 Canonical, Debian, Novell and 1 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2019-02-01 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | |||||
| CVE-2015-0374 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2019-02-01 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. | |||||
| CVE-2015-0381 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2019-02-01 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | |||||