Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8956 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2270 5 Canonical, Debian, File Project and 2 more 5 Ubuntu Linux, Debian Linux, File and 2 more 2023-12-10 4.3 MEDIUM N/A
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2014-1639 1 Debian 1 Syncevolution 2023-12-10 3.3 LOW N/A
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2015-2756 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-12-10 4.9 MEDIUM N/A
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
CVE-2014-3227 1 Debian 1 Dpkg 2023-12-10 6.4 MEDIUM N/A
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.
CVE-2014-1524 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
CVE-2014-9670 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2023-12-10 4.3 MEDIUM N/A
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
CVE-2015-2317 6 Canonical, Debian, Djangoproject and 3 more 6 Ubuntu Linux, Debian Linux, Django and 3 more 2023-12-10 4.3 MEDIUM N/A
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.
CVE-2014-2483 3 Debian, Oracle, Redhat 5 Debian Linux, Jdk, Jre and 2 more 2023-12-10 9.3 HIGH N/A
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
CVE-2015-1236 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2023-12-10 4.3 MEDIUM N/A
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
CVE-2015-1382 3 Debian, Opensuse, Privoxy 3 Debian Linux, Opensuse, Privoxy 2023-12-10 5.0 MEDIUM N/A
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
CVE-2014-1640 1 Debian 1 Axiom 2023-12-10 3.3 LOW N/A
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-3615 5 Canonical, Debian, Opensuse and 2 more 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more 2023-12-10 2.1 LOW N/A
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2015-0382 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2023-12-10 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
CVE-2014-0459 3 Canonical, Debian, Oracle 4 Ubuntu Linux, Debian Linux, Jdk and 1 more 2023-12-10 4.3 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
CVE-2015-0501 7 Canonical, Debian, Juniper and 4 more 14 Ubuntu Linux, Debian Linux, Junos Space and 11 more 2023-12-10 5.7 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
CVE-2014-6601 6 Canonical, Debian, Novell and 3 more 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVE-2014-9039 3 Debian, Mageia Project, Wordpress 3 Debian Linux, Mageia, Wordpress 2023-12-10 4.3 MEDIUM N/A
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.
CVE-2014-0159 2 Debian, Openafs 2 Debian Linux, Openafs 2023-12-10 5.0 MEDIUM N/A
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
CVE-2015-0432 7 Canonical, Debian, Fedoraproject and 4 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2023-12-10 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
CVE-2015-1237 3 Canonical, Debian, Google 3 Ubuntu Linux, Debian Linux, Chrome 2023-12-10 7.5 HIGH N/A
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation.