Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 6549 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40085 2 Debian, Openstack 2 Debian Linux, Neutron 2022-06-13 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
CVE-2017-9287 5 Debian, Mcafee, Openldap and 2 more 10 Debian Linux, Policy Auditor, Openldap and 7 more 2022-06-13 4.0 MEDIUM 6.5 MEDIUM
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
CVE-2018-1000007 5 Canonical, Debian, Fujitsu and 2 more 20 Ubuntu Linux, Debian Linux, M10-1 and 17 more 2022-06-13 5.0 MEDIUM 9.8 CRITICAL
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.
CVE-2017-2905 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2904 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2902 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2906 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
CVE-2017-2899 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2903 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2901 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2900 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
CVE-2017-2908 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.
CVE-2017-2907 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.
CVE-2017-2919 2 Debian, Libxls Project 2 Debian Linux, Libxls 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability
CVE-2017-2918 2 Blender, Debian 2 Blender, Debian Linux 2022-06-13 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.
CVE-2017-2924 2 Debian, Freexl Project 2 Debian Linux, Freexl 2022-06-13 6.8 MEDIUM 8.8 HIGH
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2017-2923 2 Debian, Freexl Project 2 Debian Linux, Freexl 2022-06-13 6.8 MEDIUM 8.8 HIGH
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2018-8032 3 Apache, Debian, Oracle 38 Axis, Debian Linux, Agile Engineering Data Management and 35 more 2022-06-13 4.3 MEDIUM 6.1 MEDIUM
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-20546 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2022-06-13 5.8 MEDIUM 8.1 HIGH
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.
CVE-2019-13565 7 Apple, Canonical, Debian and 4 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2022-06-13 5.0 MEDIUM 7.5 HIGH
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.