Filtered by vendor Debian
Subscribe
Total
9332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18820 | 2 Debian, Xiph | 2 Debian Linux, Icecast | 2019-01-23 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. | |||||
| CVE-2018-20430 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c. | |||||
| CVE-2018-20431 | 2 Debian, Gnu | 2 Debian Linux, Libextractor | 2019-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | |||||
| CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2019-01-09 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | |||||
| CVE-2014-9015 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2018-12-20 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | |||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2018-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | |||||
| CVE-2014-2709 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2018-12-13 | 7.5 HIGH | N/A |
| lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. | |||||
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2018-12-13 | 6.5 MEDIUM | N/A |
| lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. | |||||
| CVE-2014-2327 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2018-12-13 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. | |||||
| CVE-2013-6632 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-12-13 | 9.3 HIGH | N/A |
| Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013. | |||||
| CVE-2013-4494 | 2 Debian, Xen | 2 Debian Linux, Xen | 2018-12-13 | 5.2 MEDIUM | N/A |
| Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors. | |||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2018-12-12 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | |||||
| CVE-2018-19200 | 2 Debian, Uriparser Project | 2 Debian Linux, Uriparser | 2018-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. | |||||
| CVE-2018-18718 | 2 Debian, Gnome | 2 Debian Linux, Gthumb | 2018-12-07 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in gThumb through 3.6.2. There is a double-free vulnerability in the add_themes_from_dir method in dlg-contact-sheet.c because of two successive calls of g_free, each of which frees the same buffer. | |||||
| CVE-2018-12385 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-06 | 4.4 MEDIUM | 7.0 HIGH |
| A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2. | |||||
| CVE-2018-5187 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61. | |||||
| CVE-2018-12387 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-12-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | |||||
| CVE-2018-12386 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-12-06 | 5.8 MEDIUM | 8.1 HIGH |
| A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3. | |||||
| CVE-2018-12379 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-12-06 | 4.6 MEDIUM | 7.8 HIGH |
| When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||
| CVE-2018-12378 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1. | |||||