Filtered by vendor Debian
Subscribe
Search
Total
6968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2684 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2016-12-03 | 4.0 MEDIUM | N/A |
| Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | |||||
| CVE-2014-9093 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2016-12-03 | 7.5 HIGH | N/A |
| LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | |||||
| CVE-2016-3993 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. | |||||
| CVE-2016-3994 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 6.4 MEDIUM | 8.2 HIGH |
| The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. | |||||
| CVE-2011-5326 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse. | |||||
| CVE-2014-9771 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2016-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. | |||||
| CVE-2015-2047 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2016-11-30 | 2.6 LOW | N/A |
| The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value. | |||||
| CVE-2016-7143 | 2 Charybdis Project, Debian | 2 Charybdis, Debian Linux | 2016-11-28 | 6.8 MEDIUM | 8.1 HIGH |
| The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2016-7118 | 1 Debian | 1 Debian Linux | 2016-11-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem. | |||||
| CVE-2016-6211 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. | |||||
| CVE-2016-6130 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2016-11-28 | 1.9 LOW | 4.7 MEDIUM |
| Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability. | |||||
| CVE-2016-5728 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2016-11-28 | 5.4 MEDIUM | 6.3 MEDIUM |
| Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | |||||
| CVE-2016-2856 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2016-11-28 | 7.2 HIGH | 8.4 HIGH |
| pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | |||||
| CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | |||||
| CVE-2015-5723 | 3 Debian, Doctrine-project, Zend | 10 Debian Linux, Annotations, Cache and 7 more | 2016-11-28 | 7.2 HIGH | 7.8 HIGH |
| Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | |||||
| CVE-2014-9906 | 2 Dbd-mysql Project, Debian | 2 Dbd-mysql, Debian Linux | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection. | |||||
| CVE-2014-8602 | 3 Canonical, Debian, Nlnetlabs | 3 Ubuntu Linux, Debian Linux, Unbound | 2016-11-28 | 4.3 MEDIUM | N/A |
| iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | |||||
| CVE-2013-6410 | 3 Canonical, Debian, Wouter Verhelst | 3 Ubuntu Linux, Debian Linux, Nbd | 2016-11-28 | 7.5 HIGH | N/A |
| nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. | |||||
| CVE-2014-3564 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Gpgme | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." | |||||
| CVE-2013-7439 | 3 Canonical, Debian, X.org | 4 Ubuntu Linux, Debian Linux, Libx11 and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. | |||||
| CVE-2004-1076 | 2 Atari800, Debian | 2 Atari800, Debian Linux | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file. | |||||
| CVE-2003-0385 | 1 Debian | 1 Debian Linux | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option. | |||||
| CVE-2003-0382 | 2 Debian, Michael Jennings | 2 Debian Linux, Eterm | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. | |||||
| CVE-2002-1232 | 3 Debian, Hp, Redhat | 3 Debian Linux, Secure Os, Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. | |||||
| CVE-2001-0112 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. | |||||
| CVE-2000-0076 | 2 Berkeley, Debian | 2 Nvi, Debian Linux | 2016-10-18 | 2.1 LOW | N/A |
| nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. | |||||
| CVE-2000-0315 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. | |||||
| CVE-2000-0314 | 5 Debian, Digital, Netbsd and 2 more | 5 Debian Linux, Unix, Netbsd and 2 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero. | |||||
| CVE-2000-0112 | 1 Debian | 1 Debian Linux | 2016-10-18 | 7.2 HIGH | N/A |
| The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | |||||
| CVE-1999-1411 | 1 Debian | 1 Debian Linux | 2016-10-18 | 7.5 HIGH | N/A |
| The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp. | |||||
| CVE-1999-1330 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2016-10-18 | 4.6 MEDIUM | N/A |
| The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf. | |||||
| CVE-1999-1182 | 6 Caldera, Debian, Delix and 3 more | 6 Openlinux Lite, Debian Linux, Dld and 3 more | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error. | |||||
| CVE-2016-7424 | 2 Debian, Libav | 2 Debian Linux, Libav | 2016-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. | |||||
| CVE-2015-8875 | 2 Debian, Gnome | 2 Debian Linux, Gdk-pixbuf | 2016-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-6801 | 2 Apache, Debian | 2 Jackrabbit, Debian Linux | 2016-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | |||||
| CVE-2016-3698 | 4 Canonical, Debian, Libndp and 1 more | 10 Ubuntu Linux, Debian Linux, Libndp and 7 more | 2016-10-04 | 6.8 MEDIUM | 8.1 HIGH |
| libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | |||||
| CVE-2016-7176 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. | |||||
| CVE-2016-7177 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet. | |||||
| CVE-2016-7179 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-7180 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. | |||||
| CVE-2016-7178 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2016-09-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. | |||||
| CVE-1999-0732 | 1 Debian | 1 Debian Linux | 2016-09-17 | 2.1 LOW | N/A |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. | |||||
| CVE-2014-8601 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2016-09-06 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | |||||
| CVE-2012-6684 | 2 Debian, Redcloth | 2 Debian Linux, Redcloth Library | 2016-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | |||||
| CVE-2014-1829 | 4 Canonical, Debian, Mageia and 1 more | 4 Ubuntu Linux, Debian Linux, Mageia and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||||
| CVE-2014-7204 | 3 Canonical, Debian, Mageia | 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | |||||
| CVE-2013-6892 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2016-08-26 | 3.5 LOW | N/A |
| WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. | |||||
| CVE-2014-0159 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 5.0 MEDIUM | N/A |
| Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. | |||||
| CVE-2013-4135 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 4.3 MEDIUM | N/A |
| The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4134 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 4.3 MEDIUM | N/A |
| OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. | |||||