Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
9110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 9 Bsd Mailx, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | ||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2024-11-21 | 9.8 Critical |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | ||||
| CVE-2014-6310 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-11-21 | 9.8 Critical |
| Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | ||||
| CVE-2014-6275 | 2 Debian, Fusionforge | 2 Debian Linux, Fusionforge | 2024-11-21 | 5.9 Medium |
| FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it can allow users to incorrectly access on-disk private data in FusionForge. | ||||
| CVE-2014-6262 | 2 Debian, Zenoss | 2 Debian Linux, Zenoss Core | 2024-11-21 | 7.5 High |
| Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. | ||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2024-11-21 | 7.8 High |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | ||||
| CVE-2014-5255 | 2 Debian, Xcfa Project | 2 Debian Linux, Xcfa | 2024-11-21 | 7.0 High |
| xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | ||||
| CVE-2014-4913 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2024-11-21 | 6.1 Medium |
| ZF2014-03 has a potential cross site scripting vector in multiple view helpers | ||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2024-11-21 | 9.8 Critical |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | ||||
| CVE-2014-4172 | 4 Apereo, Debian, Fedoraproject and 1 more | 6 .net Cas Client, Java Cas Client, Phpcas and 3 more | 2024-11-21 | 9.8 Critical |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | ||||
| CVE-2014-3591 | 2 Debian, Gnupg | 3 Debian Linux, Gnupg, Libgcrypt | 2024-11-21 | 4.2 Medium |
| Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. | ||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2024-11-21 | 7.5 High |
| duplicity 0.6.24 has improper verification of SSL certificates | ||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-11-21 | 4.4 Medium |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | ||||
| CVE-2014-2079 | 2 Debian, X File Explorer Project | 2 Debian Linux, X File Explorer | 2024-11-21 | N/A |
| X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares. | ||||
| CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-11-21 | 7.5 High |
| rc before 1.7.1-5 insecurely creates temporary files. | ||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-11-21 | 5.3 Medium |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | ||||
| CVE-2014-10077 | 2 Debian, I18n Project | 2 Debian Linux, I18n | 2024-11-21 | N/A |
| Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash. | ||||
| CVE-2014-10073 | 2 Debian, Wpitchoune | 2 Debian Linux, Psensor | 2024-11-21 | 7.5 High |
| The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory. | ||||
| CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-11-21 | 9.8 Critical |
| mcollective has a default password set at install | ||||
| CVE-2014-0083 | 2 Debian, Net-ldap Project | 2 Debian Linux, Net-ldap | 2024-11-21 | 5.5 Medium |
| The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSHA passwords. | ||||