Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2058 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page. | |||||
| CVE-2016-2175 | 2 Apache, Debian | 2 Pdfbox, Debian Linux | 2018-10-09 | 7.5 HIGH | 7.8 HIGH |
| Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. | |||||
| CVE-2016-2385 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2018-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet. | |||||
| CVE-2015-3429 | 3 Automattic, Debian, Wordpress | 3 Genericons, Debian Linux, Wordpress | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | |||||
| CVE-2015-0247 | 4 Canonical, Debian, E2fsprogs Project and 1 more | 4 Ubuntu Linux, Debian Linux, E2fsprogs and 1 more | 2018-10-09 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | |||||
| CVE-2015-1251 | 2 Debian, Google | 2 Debian Linux, Chrome | 2018-10-09 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. | |||||
| CVE-2014-0138 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2018-10-09 | 6.4 MEDIUM | N/A |
| The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | |||||
| CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2018-10-09 | 4.0 MEDIUM | N/A |
| The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. | |||||
| CVE-2005-4347 | 1 Debian | 2 Debian Linux, Kernel-patch-vserver | 2018-10-04 | 5.0 MEDIUM | N/A |
| The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. | |||||
| CVE-2018-14767 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2018-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "build_res_buf_from_sip_req" core function. This could result in denial of service and potentially the execution of arbitrary code. | |||||
| CVE-2009-3232 | 2 Debian, Ubuntu | 2 Debian Linux, Ubuntu Linux | 2018-10-03 | 9.3 HIGH | N/A |
| pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication. | |||||
| CVE-2006-7236 | 3 Debian, Invisible-island, Ubuntu | 3 Debian Linux, Xterm, Linux | 2018-10-03 | 9.3 HIGH | N/A |
| The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | |||||
| CVE-2006-1244 | 4 Debian, Gnome, Libextractor and 1 more | 4 Debian Linux, Gpdf, Libextractor and 1 more | 2018-10-03 | 7.6 HIGH | N/A |
| Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. | |||||
| CVE-2005-3323 | 2 Debian, Zope | 2 Debian Linux, Zope | 2018-10-03 | 7.5 HIGH | N/A |
| docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | |||||
| CVE-2018-6519 | 2 Debian, Simplesamlphp | 2 Debian Linux, Saml2 | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | |||||
| CVE-2018-14912 | 2 Cgit Project, Debian | 2 Cgit, Debian Linux | 2018-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | |||||
| CVE-2016-9955 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2018-10-02 | 4.0 MEDIUM | 6.3 MEDIUM |
| The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | |||||
| CVE-2003-0098 | 2 Apcupsd, Debian | 2 Apcupsd, Debian Linux | 2018-09-26 | 10.0 HIGH | N/A |
| Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. | |||||
| CVE-2018-10860 | 3 Canonical, Debian, Perl-archive-zip Project | 3 Ubuntu Linux, Debian Linux, Perl-archive-zip | 2018-09-23 | 6.4 MEDIUM | 7.5 HIGH |
| perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. | |||||
| CVE-2014-2079 | 2 Debian, X File Explorer Project | 2 Debian Linux, X File Explorer | 2018-09-15 | 2.1 LOW | 5.5 MEDIUM |
| X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. | |||||