Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7437 2 Debian, Freexl Project 2 Debian Linux, Freexl 2020-07-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function.
CVE-2018-7438 2 Debian, Freexl Project 2 Debian Linux, Freexl 2020-07-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function.
CVE-2018-7439 2 Debian, Freexl Project 2 Debian Linux, Freexl 2020-07-26 6.8 MEDIUM 8.8 HIGH
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.
CVE-2017-1000501 2 Awstats, Debian 2 Awstats, Debian Linux 2020-07-26 7.5 HIGH 9.8 CRITICAL
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.
CVE-2015-8837 3 Debian, Fedoraproject, Fuseiso Project 3 Debian Linux, Fedora, Fuseiso 2020-07-26 6.8 MEDIUM 7.3 HIGH
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.
CVE-2019-12068 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2020-07-26 2.1 LOW 3.8 LOW
In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi adapter emulator advances 's->dsp' index to read next opcode. This can lead to an infinite loop if the next opcode is empty. Move the existing loop exit after 10k iterations so that it covers no-op opcodes as well.
CVE-2011-0480 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2020-07-24 9.3 HIGH N/A
Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.
CVE-2011-0474 2 Debian, Google 3 Debian Linux, Chrome, Chrome Os 2020-07-24 10.0 HIGH N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-0482 2 Debian, Google 3 Debian Linux, Chrome, Chrome Os 2020-07-24 4.3 MEDIUM N/A
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
CVE-2017-13194 2 Debian, Google 2 Debian Linux, Android 2020-07-23 7.8 HIGH 7.5 HIGH
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
CVE-2020-13965 3 Debian, Fedoraproject, Roundcube 3 Debian Linux, Fedora, Webmail 2020-07-23 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.
CVE-2019-9200 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 6.8 MEDIUM 8.8 HIGH
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-9631 3 Debian, Fedoraproject, Freedesktop 3 Debian Linux, Fedora, Poppler 2020-07-23 7.5 HIGH 9.8 CRITICAL
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2017-18267 4 Canonical, Debian, Freedesktop and 1 more 7 Ubuntu Linux, Debian Linux, Poppler and 4 more 2020-07-23 4.3 MEDIUM 5.5 MEDIUM
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
CVE-2018-16646 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
CVE-2018-20481 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Poppler 2020-07-23 4.3 MEDIUM 6.5 MEDIUM
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVE-2011-0495 3 Debian, Digium, Fedoraproject 6 Debian Linux, Asterisk, Asterisknow and 3 more 2020-07-15 6.0 MEDIUM N/A
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.
CVE-2015-8607 3 Canonical, Debian, Perl 3 Ubuntu Linux, Debian Linux, Pathtools 2020-07-14 7.5 HIGH 7.3 HIGH
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
CVE-2018-18312 5 Canonical, Debian, Netapp and 2 more 8 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 5 more 2020-07-14 7.5 HIGH 9.8 CRITICAL
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
CVE-2018-18313 6 Apple, Canonical, Debian and 3 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2020-07-14 6.4 MEDIUM 9.1 CRITICAL
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.