Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Debian Subscribe
Total 8236 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1182 6 Caldera, Debian, Delix and 3 more 6 Openlinux Lite, Debian Linux, Dld and 3 more 2016-10-17 7.2 HIGH N/A
Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.
CVE-2016-7424 2 Debian, Libav 2 Debian Linux, Libav 2016-10-11 4.3 MEDIUM 5.5 MEDIUM
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
CVE-2015-8875 2 Debian, Gnome 2 Debian Linux, Gdk-pixbuf 2016-10-04 6.8 MEDIUM 7.8 HIGH
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
CVE-2016-6801 2 Apache, Debian 2 Jackrabbit, Debian Linux 2016-10-04 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
CVE-2016-7176 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-30 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet.
CVE-2016-7177 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.
CVE-2016-7179 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-7180 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
CVE-2016-7178 2 Debian, Wireshark 2 Debian Linux, Wireshark 2016-09-29 4.3 MEDIUM 5.9 MEDIUM
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and application crash) via a crafted packet.
CVE-2014-8601 2 Debian, Powerdns 2 Debian Linux, Recursor 2016-09-06 5.0 MEDIUM N/A
PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
CVE-2012-6684 2 Debian, Redcloth 2 Debian Linux, Redcloth Library 2016-09-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
CVE-2014-1829 4 Canonical, Debian, Mageia and 1 more 4 Ubuntu Linux, Debian Linux, Mageia and 1 more 2016-08-30 5.0 MEDIUM N/A
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
CVE-2014-7204 3 Canonical, Debian, Mageia 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more 2016-08-30 5.0 MEDIUM N/A
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
CVE-2013-6892 2 Debian, Websvn 2 Debian Linux, Websvn 2016-08-26 3.5 LOW N/A
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2014-0159 2 Debian, Openafs 2 Debian Linux, Openafs 2016-08-24 5.0 MEDIUM N/A
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
CVE-2013-4135 2 Debian, Openafs 2 Debian Linux, Openafs 2016-08-24 4.3 MEDIUM N/A
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-4134 2 Debian, Openafs 2 Debian Linux, Openafs 2016-08-24 4.3 MEDIUM N/A
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.
CVE-2014-9472 3 Bestpractical, Debian, Fedoraproject 3 Request Tracker, Debian Linux, Fedora 2016-08-23 7.1 HIGH N/A
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
CVE-2015-7558 2 Debian, Gnome 2 Debian Linux, Librsvg 2016-08-23 5.0 MEDIUM 7.5 HIGH
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
CVE-2014-3686 3 Canonical, Debian, W1.fi 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more 2016-07-26 6.8 MEDIUM N/A
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.