Total
9187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6422 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2016-04-07 | 4.0 MEDIUM | N/A |
| The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2014-9036 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-04-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | |||||
| CVE-2014-9035 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-04-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-7448 | 2 Debian, Didiwiki Project | 2 Debian Linux, Didiwiki | 2016-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. | |||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2016-02-01 | 7.2 HIGH | 7.8 HIGH |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | |||||
| CVE-2014-4911 | 2 Debian, Polarssl | 2 Debian Linux, Polarssl | 2015-12-04 | 5.0 MEDIUM | N/A |
| The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | |||||
| CVE-2015-0859 | 1 Debian | 1 Debian Linux | 2015-12-04 | 7.5 HIGH | N/A |
| The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. | |||||
| CVE-2014-5266 | 3 Debian, Drupal, Wordpress | 3 Debian Linux, Drupal, Wordpress | 2015-11-25 | 5.0 MEDIUM | N/A |
| The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. | |||||
| CVE-2014-5265 | 3 Debian, Drupal, Wordpress | 3 Debian Linux, Drupal, Wordpress | 2015-11-25 | 5.0 MEDIUM | N/A |
| The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2014-5240 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2015-11-25 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. | |||||
| CVE-2014-5204 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2015-11-25 | 6.8 MEDIUM | N/A |
| wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack. | |||||
| CVE-2014-9057 | 2 Debian, Sixapart | 2 Debian Linux, Movable Type | 2015-11-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1165 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2015-10-28 | 5.0 MEDIUM | N/A |
| RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | |||||
| CVE-2015-0885 | 2 Checkpw Project, Debian | 2 Checkpw, Debian Linux | 2015-09-24 | 5.0 MEDIUM | N/A |
| checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. | |||||
| CVE-2015-6587 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2015-09-02 | 4.0 MEDIUM | N/A |
| The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | |||||
| CVE-2015-6525 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2015-08-26 | 7.5 HIGH | N/A |
| Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. | |||||
| CVE-2015-0971 | 2 Debian, Openinfosecfoundation | 2 Debian Linux, Suricata | 2015-05-15 | 5.0 MEDIUM | N/A |
| The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. | |||||
| CVE-2015-0838 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2015-04-01 | 7.5 HIGH | N/A |
| Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | |||||
| CVE-2014-2405 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Openjdk | 2014-05-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462. | |||||
| CVE-2014-0462 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Openjdk | 2014-05-14 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. | |||||