Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9963 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2017-02-15 2.6 LOW 5.9 MEDIUM
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2016-9532 2 Debian, Libtiff 2 Debian Linux, Libtiff 2017-02-08 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
CVE-2016-9119 3 Canonical, Debian, Moinmo 3 Ubuntu Linux, Debian Linux, Moinmoin 2017-02-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-6354 2 Debian, Flex Project 2 Debian Linux, Flex 2017-01-17 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
CVE-2016-9964 2 Bottlepy, Debian 2 Bottle, Debian Linux 2017-01-10 4.3 MEDIUM 6.5 MEDIUM
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
CVE-2013-7020 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2017-01-06 6.8 MEDIUM N/A
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.
CVE-2014-1557 3 Debian, Mozilla, Oracle 5 Debian Linux, Firefox, Firefox Esr and 2 more 2017-01-06 9.3 HIGH N/A
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
CVE-2014-3160 2 Debian, Google 2 Debian Linux, Chrome 2017-01-06 6.8 MEDIUM N/A
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
CVE-2014-3162 2 Debian, Google 2 Debian Linux, Chrome 2017-01-06 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-3333 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2017-01-02 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2015-0840 2 Canonical, Debian 2 Ubuntu Linux, Dpkg 2017-01-02 4.3 MEDIUM N/A
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
CVE-2015-1241 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 4.3 MEDIUM N/A
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
CVE-2015-1235 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 5.0 MEDIUM N/A
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
CVE-2015-1236 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 4.3 MEDIUM N/A
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
CVE-2015-1237 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 7.5 HIGH N/A
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.
CVE-2015-1238 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 7.5 HIGH N/A
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVE-2015-1240 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 5.0 MEDIUM N/A
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.
CVE-2015-1242 3 Canonical, Debian, Google 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2017-01-02 7.5 HIGH N/A
The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.
CVE-2015-1243 4 Canonical, Debian, Google and 1 more 7 Ubuntu Linux, Debian Linux, Chrome and 4 more 2017-01-02 7.5 HIGH N/A
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVE-2015-1244 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2017-01-02 5.0 MEDIUM N/A
The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic.