Filtered by vendor Debian
Subscribe
Total
8236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
| CVE-2005-2351 | 2 Debian, Mutt | 2 Debian Linux, Mutt | 2019-11-13 | 2.1 LOW | 5.5 MEDIUM |
| Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | |||||
| CVE-2009-5046 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2018-1308 | 2 Apache, Debian | 2 Solr, Debian Linux | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. | |||||
| CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2019-11-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks. | |||||
| CVE-2012-0051 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2019-11-12 | 5.8 MEDIUM | 7.4 HIGH |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | |||||
| CVE-2018-19777 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-11-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. | |||||
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
| CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2019-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |||||
| CVE-2019-17362 | 2 Debian, Libtom | 2 Debian Linux, Libtomcrypt | 2019-11-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data. | |||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2019-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | |||||
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2019-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. | |||||
| CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2019-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.5.4 allows Information Disclosure in the backend. | |||||
| CVE-2017-5333 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | |||||
| CVE-2010-0747 | 2 Debian, Linbit | 2 Debian Linux, Drbd8 | 2019-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| drbd8 allows local users to bypass intended restrictions for certain actions via netlink packets, similar to CVE-2009-3725. | |||||
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2019-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | |||||
| CVE-2018-5735 | 1 Debian | 1 Debian Linux | 2019-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected. | |||||
| CVE-2010-3674 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2019-11-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.4.1 allows XSS in the frontend search box. | |||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2019-11-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mumble: murmur-server has DoS due to malformed client query | |||||