Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8870 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1526 | 6 Debian, Fedoraproject, Mit and 3 more | 8 Debian Linux, Fedora, Krb5-appl and 5 more | 2024-08-06 | N/A |
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script. | ||||
CVE-2011-1499 | 2 Banu, Debian | 2 Tinyproxy, Debian Linux | 2024-08-06 | N/A |
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server. | ||||
CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-08-06 | 5.5 Medium |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | ||||
CVE-2011-1440 | 3 Apple, Debian, Google | 4 Itunes, Safari, Debian Linux and 1 more | 2024-08-06 | N/A |
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | ||||
CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-08-06 | 5.5 Medium |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | ||||
CVE-2011-1490 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2024-08-06 | 5.5 Medium |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset | ||||
CVE-2011-1444 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2024-08-06 | N/A |
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2011-1408 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-08-06 | 8.2 High |
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | ||||
CVE-2011-1400 | 2 Canonical, Debian | 3 Ubuntu Linux, Debian Linux, Tex-common | 2024-08-06 | N/A |
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document. | ||||
CVE-2011-1292 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-08-06 | N/A |
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2011-1293 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
CVE-2011-1176 | 3 Apache, Debian, Mpm-itk Project | 3 Http Server, Debian Linux, Mpm-itk | 2024-08-06 | N/A |
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process. | ||||
CVE-2011-1145 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-08-06 | 7.8 High |
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. | ||||
CVE-2011-1136 | 2 Debian, Tesseract Project | 2 Debian Linux, Tesseract | 2024-08-06 | 4.7 Medium |
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file. | ||||
CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-08-06 | 7.8 High |
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | ||||
CVE-2011-0997 | 4 Canonical, Debian, Isc and 1 more | 5 Ubuntu Linux, Debian Linux, Dhcp and 2 more | 2024-08-06 | N/A |
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | ||||
CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-08-06 | 9.8 Critical |
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | ||||
CVE-2011-0981 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | ||||
CVE-2011-0985 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-08-06 | N/A |
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | ||||
CVE-2011-1002 | 5 Avahi, Canonical, Debian and 2 more | 5 Avahi, Ubuntu Linux, Debian Linux and 2 more | 2024-08-06 | N/A |
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. |