Filtered by vendor Debian
Subscribe
Search
Total
6968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2018-01-05 | 3.3 LOW | N/A |
| The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
| CVE-2015-2721 | 5 Canonical, Debian, Mozilla and 2 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-01-05 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2015-3143 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2018-01-05 | 5.0 MEDIUM | N/A |
| cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | |||||
| CVE-2015-3165 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X Server, Ubuntu Linux, Debian Linux and 1 more | 2018-01-05 | 4.3 MEDIUM | N/A |
| Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | |||||
| CVE-2016-2342 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2018-01-05 | 7.6 HIGH | 8.1 HIGH |
| The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet. | |||||
| CVE-2015-1547 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |||||
| CVE-2016-2143 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-01-05 | 6.9 MEDIUM | 7.8 HIGH |
| The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. | |||||
| CVE-2016-5180 | 2 C-ares Project, Debian | 2 C-ares, Debian Linux | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | |||||
| CVE-2016-1835 | 3 Apple, Canonical, Debian | 4 Iphone Os, Mac Os X, Ubuntu Linux and 1 more | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-1526 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox Esr and 2 more | 2018-01-05 | 5.8 MEDIUM | 8.1 HIGH |
| The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font. | |||||
| CVE-2016-1245 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2018-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent. | |||||
| CVE-2016-10149 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | |||||
| CVE-2016-10002 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. | |||||
| CVE-2015-8932 | 4 Canonical, Debian, Libarchive and 1 more | 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more | 2018-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | |||||
| CVE-2015-8931 | 4 Canonical, Debian, Libarchive and 1 more | 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more | 2018-01-05 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | |||||
| CVE-2015-8916 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. | |||||
| CVE-2013-5653 | 2 Artifex, Debian | 2 Afpl Ghostscript, Debian Linux | 2018-01-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||||
| CVE-2014-8150 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2018-01-05 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL. | |||||
| CVE-2014-9655 | 2 Debian, Remotesensing | 2 Debian Linux, Libtiff | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. | |||||
| CVE-2017-17527 | 2 Debian, Pasdoc Project | 2 Debian Linux, Pasdoc | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used. | |||||
| CVE-2017-17515 | 2 Debian, Ecmwf | 2 Debian Linux, Metview | 2018-01-03 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product. | |||||
| CVE-2017-17514 | 2 Debian, Nip2 Project | 2 Debian Linux, Nip2 | 2018-01-02 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. | |||||
| CVE-2017-5119 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-12-31 | 4.3 MEDIUM | 4.3 MEDIUM |
| Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2017-5117 | 4 Debian, Google, Linux and 1 more | 4 Debian Linux, Chrome, Linux Kernel and 1 more | 2017-12-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2017-13090 | 2 Debian, Gnu | 2 Debian Linux, Wget | 2017-12-30 | 9.3 HIGH | 8.8 HIGH |
| The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | |||||
| CVE-2017-17439 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2017-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. | |||||
| CVE-2017-13089 | 2 Debian, Gnu | 2 Debian Linux, Wget | 2017-12-30 | 9.3 HIGH | 8.8 HIGH |
| The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. | |||||
| CVE-2014-3865 | 1 Debian | 1 Dpkg-dev | 2017-12-29 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. | |||||
| CVE-2014-3864 | 1 Debian | 1 Dpkg-dev | 2017-12-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. | |||||
| CVE-2017-17520 | 1 Debian | 1 Tin | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." | |||||
| CVE-2016-1255 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Postgresql-common | 2017-12-21 | 7.2 HIGH | 7.8 HIGH |
| The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | |||||
| CVE-2017-8822 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2017-12-21 | 4.3 MEDIUM | 3.7 LOW |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. | |||||
| CVE-2017-8820 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2017-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | |||||
| CVE-2017-8821 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2017-12-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. | |||||
| CVE-2017-8823 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2017-12-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | |||||
| CVE-2016-1253 | 1 Debian | 2 Debian Linux, Most | 2017-12-20 | 10.0 HIGH | 9.8 CRITICAL |
| The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | |||||
| CVE-1999-1496 | 3 Debian, Redhat, Todd Miller | 3 Debian Linux, Linux, Sudo | 2017-12-19 | 2.1 LOW | N/A |
| Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. | |||||
| CVE-2001-0458 | 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more | 4 Debian Linux, Mandrake Linux, Eperl and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||||
| CVE-2017-16613 | 2 Debian, Openstack | 3 Debian Linux, Swauth, Swift | 2017-12-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. | |||||
| CVE-2017-16899 | 2 Debian, Xfig Project | 2 Debian Linux, Xfig | 2017-12-11 | 5.8 MEDIUM | 7.1 HIGH |
| An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c. | |||||
| CVE-2014-6272 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2017-12-09 | 7.5 HIGH | N/A |
| Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later. | |||||
| CVE-2017-5122 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | |||||
| CVE-2016-0739 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2017-12-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||
| CVE-2016-0773 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2017-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression. | |||||
| CVE-2017-8806 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2017-12-08 | 3.6 LOW | 5.5 MEDIUM |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. | |||||
| CVE-2017-8811 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. | |||||
| CVE-2017-8810 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. | |||||
| CVE-2017-8809 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. | |||||
| CVE-2017-8808 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2017-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. | |||||