Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8002 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7824 4 Canonical, D-bus Project, Debian and 1 more 4 Ubuntu Linux, D-bus, Debian Linux and 1 more 2017-09-08 2.1 LOW N/A
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3636.1.
CVE-2014-9112 2 Debian, Gnu 2 Debian Linux, Cpio 2017-09-08 5.0 MEDIUM N/A
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
CVE-2014-7209 1 Debian 1 Mime-support 2017-09-08 7.5 HIGH N/A
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2014-8625 1 Debian 1 Dpkg 2017-09-08 6.8 MEDIUM N/A
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
CVE-2014-4975 4 Canonical, Debian, Redhat and 1 more 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more 2017-08-29 5.0 MEDIUM N/A
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
CVE-2014-1638 1 Debian 1 Localepurge 2017-08-29 3.3 LOW N/A
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-3165 2 Debian, Google 2 Debian Linux, Chrome 2017-08-29 7.5 HIGH N/A
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.
CVE-2014-1640 1 Debian 1 Axiom 2017-08-29 3.3 LOW N/A
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-0479 2 Canonical, Debian 2 Reportbug, Reportbug 2017-08-29 6.8 MEDIUM N/A
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
CVE-2014-1639 1 Debian 1 Syncevolution 2017-08-29 3.3 LOW N/A
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-3167 2 Debian, Google 2 Debian Linux, Chrome 2017-08-29 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2013-4565 1 Debian 1 Ppthtml 2017-08-29 6.8 MEDIUM N/A
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
CVE-2013-1427 2 Debian, Lighttpd 2 Debian Linux, Lighttpd 2017-08-29 1.9 LOW N/A
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
CVE-2012-5653 2 Debian, Drupal 2 Debian Linux, Drupal 2017-08-29 6.0 MEDIUM N/A
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
CVE-2012-3509 3 Canonical, Debian, Gnu 4 Ubuntu Linux, Debian Linux, Binutils and 1 more 2017-08-29 5.0 MEDIUM N/A
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVE-2012-2251 3 Debian, Fedoraproject, Pizzashack 3 Debian Linux, Fedora, Rssh 2017-08-29 4.4 MEDIUM N/A
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
CVE-2012-0216 1 Debian 1 Apache2 2017-08-29 4.4 MEDIUM N/A
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
CVE-2011-1499 2 Banu, Debian 2 Tinyproxy, Debian Linux 2017-08-17 2.6 LOW N/A
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
CVE-2011-0721 1 Debian 1 Shadow 2017-08-17 6.4 MEDIUM N/A
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
CVE-2010-4695 3 Catb, Debian, Redhat 3 Gif2png, Linux, Fedora 2017-08-17 5.0 MEDIUM N/A
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote attackers to create PNG files in unintended directories via a crafted command-line argument, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.