Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8852 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8158 4 Debian, Jasper Project, Opensuse and 1 more 4 Debian Linux, Jasper, Opensuse and 1 more 2018-10-30 6.8 MEDIUM N/A
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2014-8595 3 Debian, Opensuse, Xen 3 Debian Linux, Opensuse, Xen 2018-10-30 1.9 LOW N/A
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction.
CVE-2016-3982 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2016-3069 6 Debian, Fedoraproject, Mercurial and 3 more 14 Debian Linux, Fedora, Mercurial and 11 more 2018-10-30 6.8 MEDIUM 8.8 HIGH
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE-2014-9670 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2018-10-30 4.3 MEDIUM N/A
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
CVE-2014-9672 5 Canonical, Debian, Freetype and 2 more 5 Ubuntu Linux, Debian Linux, Freetype and 2 more 2018-10-30 5.8 MEDIUM N/A
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.
CVE-2014-9671 6 Canonical, Debian, Freetype and 3 more 11 Ubuntu Linux, Debian Linux, Freetype and 8 more 2018-10-30 4.3 MEDIUM N/A
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
CVE-2014-5026 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2018-10-30 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.
CVE-2014-9656 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2018-10-30 7.5 HIGH N/A
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
CVE-2014-8866 3 Debian, Opensuse, Xen 3 Debian Linux, Opensuse, Xen 2018-10-30 4.7 MEDIUM N/A
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.
CVE-2016-2806 4 Debian, Mozilla, Opensuse and 1 more 5 Debian Linux, Firefox, Leap and 2 more 2018-10-30 10.0 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-9661 6 Canonical, Debian, Fedoraproject and 3 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2018-10-30 7.5 HIGH N/A
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
CVE-2014-5025 3 Cacti, Debian, Opensuse 3 Cacti, Debian Linux, Opensuse 2018-10-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.
CVE-2014-9673 5 Canonical, Debian, Freetype and 2 more 10 Ubuntu Linux, Debian Linux, Freetype and 7 more 2018-10-30 6.8 MEDIUM N/A
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVE-2013-6393 5 Canonical, Debian, Opensuse and 2 more 6 Ubuntu Linux, Debian Linux, Leap and 3 more 2018-10-30 6.8 MEDIUM N/A
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
CVE-2014-2326 4 Cacti, Debian, Fedoraproject and 1 more 4 Cacti, Debian Linux, Fedora and 1 more 2018-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8132 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2018-10-30 5.0 MEDIUM N/A
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2016-2851 3 Cypherpunks, Debian, Opensuse 4 Libotr, Debian Linux, Leap and 1 more 2018-10-30 7.5 HIGH 9.8 CRITICAL
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
CVE-2016-2191 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2018-10-30 4.3 MEDIUM 6.5 MEDIUM
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
CVE-2014-9660 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2018-10-30 7.5 HIGH N/A
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.