Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-23 | CVE-2024-0747 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2024-01-23 | CVE-2024-0750 | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-01-23 | CVE-2024-0751 | A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 | ||
| 2024-01-23 | CVE-2024-0753 | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 6.5 | ||
| 2002-05-16 | CVE-2002-0184 | Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. | Debian_linux, Sudo | 7.8 | ||
| 2004-07-07 | CVE-2004-0434 | k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. | Debian_linux, Heimdal | 9.8 | ||
| 2010-12-22 | CVE-2010-4577 | The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion." | Debian_linux, Fedora, Chrome, Chrome_os, Webkitgtk | 7.5 | ||
| 2019-07-15 | CVE-2019-1010006 | Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | Ubuntu_linux, Debian_linux, Evince, Leap | 7.8 | ||
| 2020-09-02 | CVE-2020-15811 | An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an... | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid | 6.5 | ||
| 2021-12-08 | CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 8.8 |