Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-6272 2 Debian, Libevent Project 2 Debian Linux, Libevent 2017-12-08 7.5 HIGH N/A
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
CVE-2017-5122 2 Debian, Google 2 Debian Linux, Chrome 2017-12-08 6.8 MEDIUM 8.8 HIGH
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page.
CVE-2016-0739 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2017-12-08 4.3 MEDIUM 5.9 MEDIUM
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2016-0773 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2017-12-08 5.0 MEDIUM 7.5 HIGH
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CVE-2017-8806 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2017-12-08 3.6 LOW 5.5 MEDIUM
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
CVE-2017-8811 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 4.3 MEDIUM 6.1 MEDIUM
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVE-2017-8810 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
CVE-2017-8809 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 7.5 HIGH 9.8 CRITICAL
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-8808 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 4.3 MEDIUM 6.1 MEDIUM
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
CVE-2017-8814 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
CVE-2017-8815 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVE-2017-16227 2 Debian, Quagga 2 Debian Linux, Quagga 2017-11-18 5.0 MEDIUM 7.5 HIGH
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
CVE-2012-2947 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2017-11-13 2.6 LOW N/A
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVE-2016-1246 3 Dbd-mysql Project, Debian, Perl 3 Dbd-mysql, Debian Linux, Perl 2017-11-13 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
CVE-2015-2575 3 Debian, Mysql, Suse 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more 2017-11-09 4.9 MEDIUM N/A
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
CVE-2017-8805 1 Debian 1 Ftpsync 2017-11-08 6.4 MEDIUM 9.1 CRITICAL
Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.
CVE-2013-6049 2 Apt-listbugs Project, Debian 2 Apt-listbugs, Debian Linux 2017-11-08 4.6 MEDIUM 7.8 HIGH
apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-1572 3 Canonical, Debian, E2fsprogs Project 3 Ubuntu Linux, Debian Linux, E2fsprogs 2017-11-07 4.6 MEDIUM N/A
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
CVE-2015-2754 2 Debian, Gaia-gis 2 Debian Linux, Freexl 2017-11-07 6.8 MEDIUM N/A
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."
CVE-2015-4171 3 Canonical, Debian, Strongswan 4 Ubuntu Linux, Debian Linux, Strongswan and 1 more 2017-11-07 2.6 LOW N/A
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.