Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3427 | 2 Debian, Quassel-irc | 2 Debian Linux, Quassel | 2025-04-12 | N/A |
| Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422. | ||||
| CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2025-04-12 | N/A |
| The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | ||||
| CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | ||||
| CVE-2016-5238 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 4.4 Medium |
| The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to reading from the information transfer buffer in non-DMA mode. | ||||
| CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2025-04-12 | N/A |
| The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | ||||
| CVE-2016-5172 | 4 Debian, Google, Nodejs and 1 more | 4 Debian Linux, Chrome, Node.js and 1 more | 2025-04-12 | 6.5 Medium |
| The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | ||||
| CVE-2014-9771 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2025-04-12 | N/A |
| Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. | ||||
| CVE-2016-5772 | 5 Debian, Opensuse, Php and 2 more | 8 Debian Linux, Leap, Opensuse and 5 more | 2025-04-12 | 9.8 Critical |
| Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | ||||
| CVE-2013-5705 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2025-04-12 | N/A |
| apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | ||||
| CVE-2015-3333 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-2851 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. | ||||
| CVE-2015-1260 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. | ||||
| CVE-2015-1258 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. | ||||
| CVE-2015-1255 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | ||||
| CVE-2014-9764 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2025-04-12 | N/A |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | ||||
| CVE-2015-1253 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-12 | N/A |
| core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | ||||
| CVE-2015-1249 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2025-04-12 | N/A |
| The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | ||||
| CVE-2015-1236 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2025-04-12 | N/A |
| The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | ||||
| CVE-2014-9718 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | N/A |
| The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in QEMU 1.0 through 2.1.3 have multiple interpretations of a function's return value, which allows guest OS users to cause a host OS denial of service (memory consumption or infinite loop, and system crash) via a PRDT with zero complete sectors, related to the bmdma_prepare_buf and ahci_dma_prepare_buf functions. | ||||