Filtered by vendor Debian
Subscribe
Total
9274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4738 | 2 Apple, Debian | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||||
| CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
| CVE-2016-5772 | 4 Debian, Opensuse, Php and 1 more | 7 Debian Linux, Leap, Opensuse and 4 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | |||||
| CVE-2014-2497 | 6 Canonical, Debian, Oracle and 3 more | 12 Ubuntu Linux, Debian Linux, Solaris and 9 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. | |||||
| CVE-2014-3127 | 1 Debian | 1 Dpkg | 2025-04-12 | 7.1 HIGH | N/A |
| dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. | |||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 11 Ubuntu Linux, Xenserver, Debian Linux and 8 more | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |||||
| CVE-2013-6474 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2016-6132 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
| CVE-2015-2041 | 3 Debian, Linux, Suse | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Server | 2025-04-12 | 4.6 MEDIUM | N/A |
| net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | |||||
| CVE-2014-9667 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. | |||||
| CVE-2016-5180 | 5 C-ares, C-ares Project, Canonical and 2 more | 5 C-ares, C-ares, Ubuntu Linux and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | |||||
| CVE-2015-2575 | 3 Debian, Mysql, Suse | 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | |||||
| CVE-2015-0564 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Opensuse, Linux and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session. | |||||
| CVE-2014-6276 | 2 Debian, Roundup-tracker | 2 Debian Linux, Roundup | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. | |||||
| CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 7.1 HIGH | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | |||||
| CVE-2014-2398 | 5 Canonical, Debian, Ibm and 2 more | 8 Ubuntu Linux, Debian Linux, Forms Viewer and 5 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | |||||
| CVE-2015-2754 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2025-04-12 | 6.8 MEDIUM | N/A |
| FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | |||||
| CVE-2016-2047 | 6 Canonical, Debian, Mariadb and 3 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | |||||
| CVE-2016-1674 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||