Filtered by vendor Debian
Subscriptions
Total
9317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2925 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-12 | N/A |
| The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." | ||||
| CVE-2015-8781 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2025-04-12 | 6.5 Medium |
| tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. | ||||
| CVE-2015-2736 | 6 Canonical, Debian, Mozilla and 3 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | N/A |
| The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | ||||
| CVE-2015-0433 | 6 Canonical, Debian, Mariadb and 3 more | 18 Ubuntu Linux, Debian Linux, Mariadb and 15 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | ||||
| CVE-2016-1248 | 3 Debian, Redhat, Vim | 3 Debian Linux, Enterprise Linux, Vim | 2025-04-12 | N/A |
| vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | ||||
| CVE-2016-1244 | 2 Debian, Unadf Project | 2 Debian Linux, Unadf | 2025-04-12 | N/A |
| The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | ||||
| CVE-2016-1243 | 2 Debian, Unadf Project | 2 Debian Linux, Unadf | 2025-04-12 | N/A |
| Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. | ||||
| CVE-2016-1235 | 2 Debian, Oar Project | 2 Debian Linux, Oar | 2025-04-12 | N/A |
| The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. | ||||
| CVE-2015-2734 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | N/A |
| The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors. | ||||
| CVE-2015-7697 | 3 Canonical, Debian, Unzip Project | 3 Ubuntu Linux, Debian Linux, Unzip | 2025-04-12 | N/A |
| Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | ||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2025-04-12 | N/A |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | ||||
| CVE-2014-0226 | 4 Apache, Debian, Oracle and 1 more | 9 Http Server, Debian Linux, Enterprise Manager Ops Center and 6 more | 2025-04-12 | N/A |
| Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | ||||
| CVE-2016-5131 | 8 Apple, Canonical, Debian and 5 more | 18 Iphone Os, Mac Os X, Tvos and 15 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
| CVE-2016-0747 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2025-04-12 | 5.3 Medium |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. | ||||
| CVE-2014-9087 | 4 Canonical, Debian, Gnupg and 1 more | 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more | 2025-04-12 | N/A |
| Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | ||||
| CVE-2016-1695 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 12 Ubuntu Linux, Xenserver, Debian Linux and 9 more | 2025-04-12 | 5.5 Medium |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | ||||
| CVE-2015-4167 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | N/A |
| The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. | ||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 17 Ubuntu Linux, Xenserver, Debian Linux and 14 more | 2025-04-12 | 8.8 High |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | ||||
| CVE-2015-2721 | 6 Canonical, Debian, Mozilla and 3 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-12 | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | ||||