Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8869 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10729 | 3 Debian, Redhat, Zmanda | 3 Debian Linux, Enterprise Linux, Amanda | 2024-08-06 | N/A |
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. | ||||
CVE-2016-10711 | 2 Apsis, Debian | 2 Pound, Debian Linux | 2024-08-06 | N/A |
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | ||||
CVE-2016-10741 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-06 | N/A |
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | ||||
CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-08-06 | N/A |
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | ||||
CVE-2016-10510 | 2 Debian, Kohanaframework | 2 Debian Linux, Kohana | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. | ||||
CVE-2016-10244 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-08-06 | N/A |
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | ||||
CVE-2016-10196 | 4 Debian, Libevent Project, Mozilla and 1 more | 6 Debian Linux, Libevent, Firefox and 3 more | 2024-08-06 | 7.5 High |
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | ||||
CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2024-08-06 | N/A |
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | ||||
CVE-2016-10155 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Enterprise Linux and 1 more | 2024-08-06 | 6.0 Medium |
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | ||||
CVE-2016-10160 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Clustered Data Ontap, Php and 1 more | 2024-08-06 | 9.8 Critical |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. | ||||
CVE-2016-10165 | 6 Canonical, Debian, Littlecms and 3 more | 23 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 20 more | 2024-08-06 | 7.1 High |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | ||||
CVE-2016-10195 | 3 Debian, Libevent Project, Redhat | 3 Debian Linux, Libevent, Enterprise Linux | 2024-08-06 | 9.8 Critical |
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | ||||
CVE-2016-10197 | 3 Debian, Libevent Project, Redhat | 3 Debian Linux, Libevent, Enterprise Linux | 2024-08-06 | 7.5 High |
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | ||||
CVE-2016-10159 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Rhel Software Collections | 2024-08-06 | 7.5 High |
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. | ||||
CVE-2016-10149 | 3 Debian, Pysaml2 Project, Redhat | 3 Debian Linux, Pysaml2, Openstack | 2024-08-06 | N/A |
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | ||||
CVE-2016-9916 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-06 | 6.5 Medium |
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. | ||||
CVE-2016-9899 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-06 | N/A |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
CVE-2016-10002 | 3 Debian, Redhat, Squid-cache | 3 Debian Linux, Enterprise Linux, Squid | 2024-08-06 | N/A |
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. | ||||
CVE-2016-9956 | 3 Debian, Fedoraproject, Flightgear | 3 Debian Linux, Fedora, Flightgear | 2024-08-06 | N/A |
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | ||||
CVE-2016-9955 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-08-06 | N/A |
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. |