Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8871 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0434 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2024-08-07 | N/A |
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | ||||
CVE-2010-0394 | 3 Debian, Edgewall Software, Nanosleep | 3 Debian Linux, Trac, Trac-git | 2024-08-07 | N/A |
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command. | ||||
CVE-2010-0395 | 7 Apache, Canonical, Debian and 4 more | 7 Openoffice, Ubuntu Linux, Debian Linux and 4 more | 2024-08-07 | N/A |
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||
CVE-2010-0410 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-08-07 | N/A |
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. | ||||
CVE-2010-0307 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-08-07 | N/A |
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. | ||||
CVE-2010-0298 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-07 | N/A |
The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306. | ||||
CVE-2010-0291 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-07 | N/A |
The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." | ||||
CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-08-07 | 5.5 Medium |
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | ||||
CVE-2010-0206 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-08-07 | 5.5 Medium |
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. | ||||
CVE-2010-0205 | 8 Apple, Canonical, Debian and 5 more | 8 Mac Os X, Ubuntu Linux, Debian Linux and 5 more | 2024-08-07 | N/A |
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | ||||
CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2024-08-07 | N/A |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | ||||
CVE-2010-0159 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2024-08-07 | N/A |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||||
CVE-2010-0012 | 3 Debian, Opensuse, Transmissionbt | 3 Debian Linux, Opensuse, Transmission | 2024-08-07 | 8.8 High |
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file. | ||||
CVE-2011-5325 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-08-07 | 7.5 High |
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | ||||
CVE-2010-0003 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-08-07 | N/A |
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. | ||||
CVE-2011-5326 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2024-08-07 | N/A |
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse. | ||||
CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-08-07 | 4.8 Medium |
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | ||||
CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2024-08-07 | 7.5 High |
gpw generates shorter passwords than required | ||||
CVE-2011-4915 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-07 | 5.5 Medium |
fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | ||||
CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-08-07 | 6.5 Medium |
TYPO3 before 4.5.4 allows Information Disclosure in the backend. |