Filtered by vendor Debian Subscriptions
Total 9303 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-8291 3 Artifex, Debian, Redhat 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more 2025-07-30 7.8 High
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2017-7494 3 Debian, Redhat, Samba 9 Debian Linux, Enterprise Linux, Rhel Aus and 6 more 2025-07-30 9.8 Critical
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVE-2017-12617 6 Apache, Canonical, Debian and 3 more 60 Tomcat, Ubuntu Linux, Debian Linux and 57 more 2025-07-30 8.1 High
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-16651 2 Debian, Roundcube 2 Debian Linux, Webmail 2025-07-30 7.8 High
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.
CVE-2018-6789 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2025-07-30 9.8 Critical
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
CVE-2018-7600 2 Debian, Drupal 2 Debian Linux, Drupal 2025-07-30 9.8 Critical
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVE-2016-9079 5 Debian, Microsoft, Mozilla and 2 more 11 Debian Linux, Windows, Firefox and 8 more 2025-07-30 7.5 High
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE-2018-7602 2 Debian, Drupal 2 Debian Linux, Drupal 2025-07-30 9.8 Critical
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
CVE-2018-17463 3 Debian, Google, Redhat 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more 2025-07-30 8.8 High
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-6065 4 Debian, Google, Mi and 1 more 7 Debian Linux, Chrome, Mi6 Browser and 4 more 2025-07-30 8.8 High
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2018-17480 3 Debian, Google, Redhat 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more 2025-07-30 8.8 High
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2019-5418 5 Debian, Fedoraproject, Opensuse and 2 more 8 Debian Linux, Fedora, Leap and 5 more 2025-07-30 7.5 High
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-0211 8 Apache, Canonical, Debian and 5 more 28 Http Server, Ubuntu Linux, Debian Linux and 25 more 2025-07-30 7.8 High
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVE-2019-10149 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2025-07-30 9.8 Critical
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
CVE-2019-13272 6 Canonical, Debian, Fedoraproject and 3 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2025-07-30 7.8 High
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
CVE-2019-0193 2 Apache, Debian 2 Solr, Debian Linux 2025-07-30 7.2 High
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CVE-2019-16928 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2025-07-30 9.8 Critical
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVE-2019-2215 5 Canonical, Debian, Google and 2 more 145 Ubuntu Linux, Debian Linux, Android and 142 more 2025-07-30 7.8 High
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 26 Ubuntu Linux, Debian Linux, Fedora and 23 more 2025-07-30 8.7 High
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2020-7247 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-07-30 9.8 Critical
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.