Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| rc before 1.7.1-5 insecurely creates temporary files. | |||||
| CVE-2013-2745 | 2 Debian, Minidlna Project | 2 Debian Linux, Minidlna | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 | |||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | |||||
| CVE-2011-3596 | 2 Debian, Polipo Project | 2 Debian Linux, Polipo | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | |||||
| CVE-2020-11729 | 2 Davical, Debian | 2 Andrew\'s Web Libraries, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. | |||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2020-08-18 | 9.3 HIGH | 7.8 HIGH |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | |||||
| CVE-2016-1000108 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2020-08-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2017-14604 | 2 Debian, Gnome | 2 Debian Linux, Nautilus | 2020-08-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. | |||||
| CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2020-08-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| libuser has information disclosure when moving user's home directory | |||||
| CVE-2019-14534 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack. | |||||
| CVE-2006-4245 | 2 Archivemail Project, Debian | 2 Archivemail, Debian Linux | 2020-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. | |||||
| CVE-2010-0749 | 3 Debian, Linux, Transmissionbt | 3 Debian Linux, Linux Kernel, Transmission | 2020-08-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | |||||
| CVE-2013-1809 | 2 Debian, Gambas Project | 2 Debian Linux, Gambas | 2020-08-18 | 6.4 MEDIUM | 7.5 HIGH |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | |||||
| CVE-2019-14533 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2020-08-18 | 6.8 MEDIUM | 7.8 HIGH |
| The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free. | |||||
| CVE-2007-0899 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | |||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2020-08-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | |||||
| CVE-2011-2923 | 2 Debian, Linuxfoundation | 2 Debian Linux, Foomatic-filters | 2020-08-18 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2011-2924 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Foomatic-filters | 2020-08-18 | 3.3 LOW | 5.5 MEDIUM |
| foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. | |||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2020-08-18 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | |||||