Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8852 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8823 2 Debian, Tor Project 2 Debian Linux, Tor 2017-12-21 6.8 MEDIUM 8.1 HIGH
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.
CVE-2016-1253 1 Debian 2 Debian Linux, Most 2017-12-20 10.0 HIGH 9.8 CRITICAL
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
CVE-2001-0458 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more 4 Debian Linux, Mandrake Linux, Eperl and 1 more 2017-12-19 7.5 HIGH N/A
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
CVE-2001-0441 3 Debian, Mandrakesoft, Redhat 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2017-12-19 7.5 HIGH N/A
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
CVE-1999-1496 3 Debian, Redhat, Todd Miller 3 Debian Linux, Linux, Sudo 2017-12-19 2.1 LOW N/A
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
CVE-2017-16613 2 Debian, Openstack 3 Debian Linux, Swauth, Swift 2017-12-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
CVE-2017-16899 2 Debian, Xfig Project 2 Debian Linux, Xfig 2017-12-11 5.8 MEDIUM 7.1 HIGH
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
CVE-2016-0773 3 Canonical, Debian, Postgresql 3 Ubuntu Linux, Debian Linux, Postgresql 2017-12-09 5.0 MEDIUM 7.5 HIGH
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CVE-2016-0739 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2017-12-09 4.3 MEDIUM 5.9 MEDIUM
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
CVE-2014-6272 2 Debian, Libevent Project 2 Debian Linux, Libevent 2017-12-09 7.5 HIGH N/A
Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
CVE-2017-8811 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 4.3 MEDIUM 6.1 MEDIUM
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVE-2017-8810 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
CVE-2017-8809 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 7.5 HIGH 9.8 CRITICAL
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-8808 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 4.3 MEDIUM 6.1 MEDIUM
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
CVE-2017-8814 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
CVE-2017-8815 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2017-11-28 5.0 MEDIUM 7.5 HIGH
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVE-2017-16227 2 Debian, Quagga 2 Debian Linux, Quagga 2017-11-18 5.0 MEDIUM 7.5 HIGH
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.
CVE-2012-2947 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2017-11-13 2.6 LOW N/A
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVE-2016-1246 3 Dbd-mysql Project, Debian, Perl 3 Dbd-mysql, Debian Linux, Perl 2017-11-13 5.0 MEDIUM 7.5 HIGH
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
CVE-2015-2575 3 Debian, Mysql, Suse 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more 2017-11-10 4.9 MEDIUM N/A
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.