Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8870 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0226 | 4 Apache, Debian, Oracle and 1 more | 9 Http Server, Debian Linux, Enterprise Manager Ops Center and 6 more | 2024-08-06 | N/A |
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. | ||||
CVE-2014-0237 | 3 Debian, Php, Redhat | 4 Debian Linux, Php, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. | ||||
CVE-2014-0198 | 7 Debian, Fedoraproject, Mariadb and 4 more | 11 Debian Linux, Fedora, Mariadb and 8 more | 2024-08-06 | N/A |
The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition. | ||||
CVE-2014-0196 | 7 Canonical, Debian, F5 and 4 more | 33 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 30 more | 2024-08-06 | N/A |
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. | ||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-08-06 | 9.8 Critical |
mcollective has a default password set at install | ||||
CVE-2014-0207 | 6 Christos Zoulas, Debian, Opensuse and 3 more | 7 File, Debian Linux, Opensuse and 4 more | 2024-08-06 | N/A |
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | ||||
CVE-2014-0160 | 13 Broadcom, Canonical, Debian and 10 more | 37 Symantec Messaging Gateway, Ubuntu Linux, Debian Linux and 34 more | 2024-08-06 | 7.5 High |
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | ||||
CVE-2014-0118 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2024-08-06 | N/A |
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. | ||||
CVE-2014-0159 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-08-06 | N/A |
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. | ||||
CVE-2014-0138 | 3 Debian, Haxx, Redhat | 4 Debian Linux, Curl, Libcurl and 1 more | 2024-08-06 | N/A |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | ||||
CVE-2014-0083 | 2 Debian, Net-ldap Project | 2 Debian Linux, Net-ldap | 2024-08-06 | 5.5 Medium |
The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | ||||
CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-08-06 | 7.5 High |
Chrony before 1.29.1 has traffic amplification in cmdmon protocol | ||||
CVE-2015-9542 | 3 Canonical, Debian, Freeradius | 3 Ubuntu Linux, Debian Linux, Pam Radius | 2024-08-06 | 7.5 High |
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | ||||
CVE-2015-9382 | 3 Debian, Freetype, Redhat | 3 Debian Linux, Freetype, Enterprise Linux | 2024-08-06 | N/A |
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | ||||
CVE-2015-9381 | 3 Debian, Freetype, Redhat | 3 Debian Linux, Freetype, Enterprise Linux | 2024-08-06 | N/A |
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | ||||
CVE-2015-9383 | 3 Canonical, Debian, Freetype | 3 Ubuntu Linux, Debian Linux, Freetype | 2024-08-06 | 6.5 Medium |
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | ||||
CVE-2015-9262 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Ansible Tower and 5 more | 2024-08-06 | N/A |
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | ||||
CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-08-06 | 5.5 Medium |
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | ||||
CVE-2015-9267 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-08-06 | 5.5 Medium |
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program. | ||||
CVE-2015-9268 | 2 Debian, Nullsoft | 2 Debian Linux, Nullsoft Scriptable Install System | 2024-08-06 | 7.8 High |
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime. |