Filtered by vendor Debian
Subscribe
Total
8236 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9039 | 3 Debian, Mageia Project, Wordpress | 3 Debian Linux, Mageia, Wordpress | 2016-06-30 | 4.3 MEDIUM | N/A |
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message. | |||||
CVE-2014-9037 | 3 Debian, Mageia Project, Wordpress | 3 Debian Linux, Mageia, Wordpress | 2016-06-30 | 6.8 MEDIUM | N/A |
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash. | |||||
CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2016-06-15 | 4.3 MEDIUM | 5.9 MEDIUM |
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. | |||||
CVE-2015-7827 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2016-06-09 | 5.0 MEDIUM | 7.5 HIGH |
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |||||
CVE-2016-1232 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2016-06-09 | 5.0 MEDIUM | 7.5 HIGH |
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack. | |||||
CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2016-06-08 | 5.0 MEDIUM | 7.5 HIGH |
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
CVE-2016-1902 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2016-06-03 | 5.0 MEDIUM | 7.5 HIGH |
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
CVE-2016-4423 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2016-06-03 | 5.0 MEDIUM | 7.5 HIGH |
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | |||||
CVE-2016-2860 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-05-19 | 4.0 MEDIUM | 6.5 MEDIUM |
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID. | |||||
CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-16 | 5.0 MEDIUM | 7.5 HIGH |
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||||
CVE-2016-1236 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2016-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | |||||
CVE-2016-4561 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2016-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. | |||||
CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-13 | 7.8 HIGH | 7.5 HIGH |
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2016-05-09 | 10.0 HIGH | 9.8 CRITICAL |
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||||
CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2016-05-09 | 2.1 LOW | 3.3 LOW |
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-05-09 | 6.8 MEDIUM | 8.1 HIGH |
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | |||||
CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-04-22 | 6.5 MEDIUM | 8.1 HIGH |
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | |||||
CVE-2015-8474 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.8 MEDIUM | 7.4 HIGH |
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985. | |||||
CVE-2015-8346 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form. | |||||
CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. |