Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-0366 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2018-05-14 4.0 MEDIUM 5.4 MEDIUM
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
CVE-2017-0364 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2018-05-14 5.8 MEDIUM 6.1 MEDIUM
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
CVE-2017-0363 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2018-05-14 5.8 MEDIUM 6.1 MEDIUM
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
CVE-2017-0365 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2018-05-14 2.6 LOW 4.7 MEDIUM
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.
CVE-2017-13704 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2018-05-10 5.0 MEDIUM 7.5 HIGH
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
CVE-2017-14496 6 Canonical, Debian, Google and 3 more 8 Ubuntu Linux, Debian Linux, Android and 5 more 2018-05-10 7.8 HIGH 7.5 HIGH
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
CVE-1999-0743 1 Debian 1 Debian Linux 2018-05-02 2.1 LOW N/A
Trn allows local users to overwrite other users' files via symlinks.
CVE-2001-0763 2 Debian, Suse 2 Debian Linux, Suse Linux 2018-05-02 7.5 HIGH N/A
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
CVE-2003-0615 3 Cgi.pm, Debian, Openpkg 3 Cgi.pm, Debian Linux, Openpkg 2018-05-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
CVE-2001-0886 2 Debian, Redhat 2 Debian Linux, Linux 2018-05-02 4.6 MEDIUM N/A
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
CVE-2000-0584 2 Debian, Freebsd 2 Debian Linux, Freebsd 2018-05-02 10.0 HIGH N/A
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
CVE-2000-0666 5 Conectiva, Debian, Redhat and 2 more 5 Linux, Debian Linux, Linux and 2 more 2018-05-02 10.0 HIGH N/A
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
CVE-2000-0867 5 Debian, Mandrakesoft, Redhat and 2 more 5 Debian Linux, Mandrake Linux, Linux and 2 more 2018-05-02 7.2 HIGH N/A
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVE-2017-7000 4 Apple, Chromium, Debian and 1 more 7 Iphone Os, Mac Os X, Chromium and 4 more 2018-04-27 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-17741 2 Debian, Linux 2 Debian Linux, Linux Kernel 2018-04-24 2.1 LOW 6.5 MEDIUM
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
CVE-2012-4929 3 Debian, Google, Mozilla 3 Debian Linux, Chrome, Firefox 2018-04-21 2.6 LOW N/A
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVE-2018-8764 2 Debian, Ldap-account-manager 2 Debian Linux, Ldap Account Manager 2018-04-20 6.8 MEDIUM 8.8 HIGH
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
CVE-2018-8763 2 Debian, Ldap-account-manager 2 Debian Linux, Ldap Account Manager 2018-04-19 4.3 MEDIUM 6.1 MEDIUM
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
CVE-2018-1000097 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Sharutils 2018-04-13 6.8 MEDIUM 7.8 HIGH
Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function looks_like_c_code. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack appear to be exploitable via Victim have to run unshar command on a specially crafted file..
CVE-2017-16612 3 Canonical, Debian, X 3 Ubuntu Linux, Debian Linux, Libxcursor 2018-04-10 5.0 MEDIUM 7.5 HIGH
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.