Filtered by vendor Debian Subscriptions
Filtered by product Debian Linux Subscriptions
Total 9110 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000110 4 Debian, Fedoraproject, Python and 1 more 5 Debian Linux, Fedora, Python and 2 more 2024-11-21 6.1 Medium
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVE-2016-1000108 2 Debian, Yaws 2 Debian Linux, Yaws 2024-11-21 6.1 Medium
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2016-1000002 4 Debian, Gnome, Opensuse and 1 more 4 Debian Linux, Gnome Display Manager, Leap and 1 more 2024-11-21 2.4 Low
gdm3 3.14.2 and possibly later has an information leak before screen lock
CVE-2015-9542 3 Canonical, Debian, Freeradius 3 Ubuntu Linux, Debian Linux, Pam Radius 2024-11-21 7.5 High
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
CVE-2015-9383 3 Canonical, Debian, Freetype 3 Ubuntu Linux, Debian Linux, Freetype 2024-11-21 6.5 Medium
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
CVE-2015-9382 3 Debian, Freetype, Redhat 3 Debian Linux, Freetype, Enterprise Linux 2024-11-21 N/A
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
CVE-2015-9381 3 Debian, Freetype, Redhat 3 Debian Linux, Freetype, Enterprise Linux 2024-11-21 N/A
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVE-2015-9268 2 Debian, Nullsoft 2 Debian Linux, Nullsoft Scriptable Install System 2024-11-21 7.8 High
Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe implicit linking against Version.dll. In other words, there is no protection mechanism in which a wrapper function resolves the dependency at an appropriate time during runtime.
CVE-2015-9267 2 Debian, Nullsoft 2 Debian Linux, Nullsoft Scriptable Install System 2024-11-21 5.5 Medium
Nullsoft Scriptable Install System (NSIS) before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program.
CVE-2015-9262 4 Canonical, Debian, Redhat and 1 more 8 Ubuntu Linux, Debian Linux, Ansible Tower and 5 more 2024-11-21 N/A
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
CVE-2015-9261 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2024-11-21 5.5 Medium
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
CVE-2015-8313 2 Debian, Gnu 2 Debian Linux, Gnutls 2024-11-21 5.9 Medium
GnuTLS incorrectly validates the first byte of padding in CBC modes
CVE-2015-8011 4 Debian, Fedoraproject, Lldpd Project and 1 more 8 Debian Linux, Fedora, Lldpd and 5 more 2024-11-21 9.8 Critical
Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries.
CVE-2015-7810 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 4.7 Medium
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
CVE-2015-7542 3 Aquamaniac, Debian, Opensuse 3 Gwenhywfar, Debian Linux, Leap 2024-11-21 5.3 Medium
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.
CVE-2015-5694 3 Debian, Openstack, Redhat 3 Debian Linux, Designate, Enterprise Linux Openstack Platform 2024-11-21 6.5 Medium
Designate does not enforce the DNS protocol limit concerning record set sizes
CVE-2015-5316 2 Debian, W1.fi 2 Debian Linux, Wpa Supplicant 2024-11-21 N/A
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
CVE-2015-5315 2 Debian, W1.fi 2 Debian Linux, Wpa Supplicant 2024-11-21 N/A
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVE-2015-5314 2 Debian, W1.fi 2 Debian Linux, Wpa Supplicant 2024-11-21 N/A
The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message.
CVE-2015-5230 2 Debian, Powerdns 2 Debian Linux, Authoritative 2024-11-21 7.5 High
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.