Filtered by vendor Debian
Subscribe
Total
9276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1839 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2014-8098 | 2 Debian, X.org | 4 Debian Linux, X11, Xfree86 and 1 more | 2025-04-12 | 6.5 MEDIUM | N/A |
| The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function. | |||||
| CVE-2016-5421 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
| CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 1.9 LOW | 6.0 MEDIUM |
| The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
| CVE-2015-8631 | 5 Debian, Mit, Opensuse and 2 more | 11 Debian Linux, Kerberos 5, Leap and 8 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. | |||||
| CVE-2016-7178 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet. | |||||
| CVE-2015-2724 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-04-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-1272 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the continued availability of a GPUChannelHost data structure during Blink shutdown, related to content/browser/gpu/browser_gpu_channel_host_factory.cc and content/renderer/render_thread_impl.cc. | |||||
| CVE-2014-0487 | 1 Debian | 1 Advanced Package Tool | 2025-04-12 | 7.5 HIGH | N/A |
| APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | |||||
| CVE-2015-0235 | 7 Apple, Debian, Gnu and 4 more | 18 Mac Os X, Debian Linux, Glibc and 15 more | 2025-04-12 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | |||||
| CVE-2016-2856 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
| pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | |||||
| CVE-2015-2735 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
| CVE-2016-3992 | 3 Cronic Project, Debian, Opensuse | 4 Cronic, Debian Linux, Leap and 1 more | 2025-04-12 | 4.9 MEDIUM | 6.2 MEDIUM |
| cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. | |||||
| CVE-2014-0488 | 1 Debian | 1 Advanced Package Tool | 2025-04-12 | 6.8 MEDIUM | N/A |
| APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | |||||
| CVE-2016-6662 | 5 Debian, Mariadb, Oracle and 2 more | 12 Debian Linux, Mariadb, Mysql and 9 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. | |||||
| CVE-2014-8157 | 4 Debian, Jasper Project, Opensuse and 1 more | 4 Debian Linux, Jasper, Opensuse and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
| Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-8932 | 4 Canonical, Debian, Libarchive and 1 more | 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | |||||
| CVE-2014-3480 | 5 Debian, File Project, Opensuse and 2 more | 5 Debian Linux, File, Opensuse and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | |||||
| CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 7 Debian Linux, Fedora, Freebsd and 4 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | |||||