Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15518 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | 6.8 MEDIUM | 8.8 HIGH |
| QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | |||||
| CVE-2018-19870 | 3 Debian, Opensuse, Qt | 3 Debian Linux, Leap, Qt | 2020-09-28 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. | |||||
| CVE-2018-18873 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | |||||
| CVE-2018-19543 | 4 Canonical, Debian, Jasper Project and 1 more | 5 Ubuntu Linux, Debian Linux, Jasper and 2 more | 2020-09-25 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c. | |||||
| CVE-2018-20570 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2020-09-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | |||||
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2020-09-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | |||||
| CVE-2020-24660 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package. | |||||
| CVE-2016-9401 | 3 Debian, Gnu, Redhat | 8 Debian Linux, Bash, Enterprise Linux Desktop and 5 more | 2020-09-14 | 2.1 LOW | 5.5 MEDIUM |
| popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | |||||
| CVE-2016-7142 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2020-09-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | |||||
| CVE-2015-8702 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2020-09-14 | 7.8 HIGH | 8.6 HIGH |
| The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | |||||
| CVE-2015-6674 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2020-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | |||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2020-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | |||||
| CVE-2015-8806 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2020-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | |||||
| CVE-2015-8613 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-11 | 1.9 LOW | 6.5 MEDIUM |
| Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | |||||
| CVE-2017-16845 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-09-10 | 6.4 MEDIUM | 10.0 CRITICAL |
| hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | |||||
| CVE-2015-8568 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 4.7 MEDIUM | 6.5 MEDIUM |
| Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. | |||||
| CVE-2017-8112 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-09-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | |||||
| CVE-2018-17958 | 4 Canonical, Debian, Qemu and 1 more | 6 Ubuntu Linux, Debian Linux, Qemu and 3 more | 2020-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |||||
| CVE-2016-2381 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2020-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | |||||
| CVE-2018-14404 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2020-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | |||||