Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12836 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cvs | 2019-10-02 | 5.1 MEDIUM | 7.5 HIGH |
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | |||||
CVE-2017-12873 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | |||||
CVE-2017-17432 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | |||||
CVE-2017-12937 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |||||
CVE-2016-1645 | 3 Debian, Google, Opensuse | 5 Debian Linux, Chrome, Leap and 2 more | 2019-09-27 | 9.3 HIGH | 8.8 HIGH |
Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
CVE-2011-2767 | 4 Apache, Canonical, Debian and 1 more | 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more | 2019-09-24 | 10.0 HIGH | 9.8 CRITICAL |
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | |||||
CVE-2017-17405 | 3 Debian, Redhat, Ruby-lang | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-09-19 | 9.3 HIGH | 8.8 HIGH |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | |||||
CVE-2018-12565 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2019-09-18 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | |||||
CVE-2018-20175 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||||
CVE-2018-20178 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | |||||
CVE-2018-20180 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 7.5 HIGH | 9.8 CRITICAL |
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution. | |||||
CVE-2018-20182 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 7.5 HIGH | 9.8 CRITICAL |
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||||
CVE-2018-8791 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | |||||
CVE-2018-8792 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||||
CVE-2018-8796 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||||
CVE-2018-8798 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | |||||
CVE-2018-8799 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-14 | 5.0 MEDIUM | 7.5 HIGH |
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||||
CVE-2018-19824 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-10 | 4.6 MEDIUM | 7.8 HIGH |
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | |||||
CVE-2015-9381 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2019-09-09 | 6.8 MEDIUM | 8.8 HIGH |
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | |||||
CVE-2015-9382 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2019-09-09 | 4.3 MEDIUM | 6.5 MEDIUM |
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. |