Filtered by vendor Debian
Subscribe
Search
Total
6968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5255 | 2 Debian, Xcfa Project | 2 Debian Linux, Xcfa | 2019-12-03 | 4.4 MEDIUM | 7.0 HIGH |
| xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | |||||
| CVE-2018-17540 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. | |||||
| CVE-2018-16152 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | |||||
| CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2019-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2019-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | |||||
| CVE-2011-2910 | 2 Debian, Linux-ax25 | 2 Debian Linux, Ax25-tools | 2019-11-26 | 7.2 HIGH | 6.7 MEDIUM |
| The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation. | |||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2019-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | |||||
| CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-11-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
| CVE-2015-2927 | 3 Debian, Nodejs, Uronode | 3 Debian Linux, Node.js, Uro Node | 2019-11-25 | 6.8 MEDIUM | 6.5 MEDIUM |
| node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |||||
| CVE-2012-2350 | 2 Debian, Pam Shield Project | 2 Debian Linux, Pam Shield | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| pam_shield before 0.9.4: Default configuration does not perform protective action | |||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2019-11-25 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2019-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
| CVE-2010-4817 | 2 Debian, Pithos Project | 2 Debian Linux, Pithos | 2019-11-25 | 3.6 LOW | 5.5 MEDIUM |
| pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. | |||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| rc before 1.7.1-5 insecurely creates temporary files. | |||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2019-11-25 | 3.3 LOW | 4.7 MEDIUM |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | |||||
| CVE-2014-6310 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2019-11-25 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | |||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | |||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
| CVE-2015-1606 | 2 Debian, Gnupg | 2 Debian Linux, Gnupg | 2019-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. | |||||
| CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
| CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2019-11-22 | 2.1 LOW | 5.5 MEDIUM |
| uzbl: Information disclosure via world-readable cookies storage file | |||||
| CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
| CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2019-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
| CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2019-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | |||||
| CVE-2009-5047 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a consonant string (string including only letters). | |||||
| CVE-2016-1000236 | 2 Cookie-signature Project, Debian | 2 Cookie-signature, Debian Linux | 2019-11-21 | 3.5 LOW | 4.4 MEDIUM |
| Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | |||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
| CVE-2013-1817 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2019-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information. | |||||
| CVE-2019-16993 | 2 Debian, Phpbb | 2 Debian Linux, Phpbb | 2019-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them. | |||||
| CVE-2012-0842 | 2 Debian, Suckless | 2 Debian Linux, Surf | 2019-11-20 | 2.1 LOW | 5.5 MEDIUM |
| surf: cookie jar has read access from other local user | |||||
| CVE-2011-1490 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2019-11-20 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset | |||||
| CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2019-11-20 | 2.1 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | |||||
| CVE-2013-7087 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2019-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| ClamAV before 0.97.7 has WWPack corrupt heap memory | |||||
| CVE-2013-7088 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2019-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| ClamAV before 0.97.7 has buffer overflow in the libclamav component | |||||
| CVE-2013-7089 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2019-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| ClamAV before 0.97.7: dbg_printhex possible information leak | |||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2019-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
| CVE-2011-1930 | 2 Debian, Klibc Project | 2 Debian Linux, Klibc | 2019-11-19 | 10.0 HIGH | 9.8 CRITICAL |
| In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options. | |||||
| CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2019-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | |||||
| CVE-2011-1588 | 3 Debian, Opensuse, Xfce | 3 Debian Linux, Opensuse, Thunar | 2019-11-19 | 6.8 MEDIUM | 7.8 HIGH |
| Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error. | |||||
| CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2019-11-19 | 1.9 LOW | 5.5 MEDIUM |
| A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | |||||
| CVE-2010-3844 | 2 Debian, Ettercap-project | 2 Debian Linux, Ettercap | 2019-11-18 | 6.8 MEDIUM | 8.8 HIGH |
| An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack. | |||||
| CVE-2010-4661 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2019-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules. | |||||
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2019-11-18 | 7.2 HIGH | 7.8 HIGH |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | |||||
| CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2019-11-18 | 6.3 MEDIUM | 4.7 MEDIUM |
| In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | |||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-11-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts. | |||||
| CVE-2010-4654 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2019-11-18 | 9.3 HIGH | 7.8 HIGH |
| poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. | |||||