Filtered by vendor Debian
Subscribe
Total
10135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2575 | 3 Debian, Mysql, Suse | 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | |||||
| CVE-2014-1829 | 4 Canonical, Debian, Mageia and 1 more | 4 Ubuntu Linux, Debian Linux, Mageia and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||||
| CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | |||||
| CVE-2015-3209 | 8 Arista, Canonical, Debian and 5 more | 19 Eos, Ubuntu Linux, Debian Linux and 16 more | 2025-04-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. | |||||
| CVE-2014-0459 | 3 Canonical, Debian, Oracle | 4 Ubuntu Linux, Debian Linux, Jdk and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. | |||||
| CVE-2016-2860 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. | |||||
| CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | |||||
| CVE-2015-7974 | 4 Debian, Netapp, Ntp and 1 more | 8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
| NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2014-8867 | 4 Debian, Opensuse, Redhat and 1 more | 5 Debian Linux, Opensuse, Enterprise Linux and 2 more | 2025-04-12 | 4.9 MEDIUM | N/A |
| The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors. | |||||
| CVE-2016-1651 | 4 Debian, Google, Opensuse and 1 more | 4 Debian Linux, Chrome, Leap and 1 more | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | |||||
| CVE-2015-3234 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 4.3 MEDIUM | N/A |
| The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | |||||
| CVE-2016-2335 | 3 7-zip, Debian, Opensuse | 3 7-zip, Debian Linux, Opensuse | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file. | |||||
| CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2025-04-12 | 8.0 HIGH | 7.6 HIGH |
| Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | |||||
| CVE-2014-0462 | 3 Canonical, Debian, Oracle | 3 Ubuntu Linux, Debian Linux, Openjdk | 2025-04-12 | 10.0 HIGH | N/A |
| Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405. | |||||
| CVE-2015-1236 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
| The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | |||||
| CVE-2014-0198 | 6 Debian, Fedoraproject, Mariadb and 3 more | 9 Debian Linux, Fedora, Mariadb and 6 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | |||||
| CVE-2015-1240 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. | |||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |||||
| CVE-2015-7512 | 4 Debian, Oracle, Qemu and 1 more | 9 Debian Linux, Linux, Qemu and 6 more | 2025-04-12 | 6.8 MEDIUM | 9.0 CRITICAL |
| Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | |||||
| CVE-2014-5119 | 2 Debian, Gnu | 2 Debian Linux, Glibc | 2025-04-12 | 7.5 HIGH | N/A |
| Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. | |||||