Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-07-31 | CVE-2009-1721 | The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openexr, Opensuse | N/A | ||
| 2009-01-26 | CVE-2009-0269 | fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index. | Ubuntu_linux, Debian_linux, Linux_kernel, Opensuse | N/A | ||
| 2009-06-09 | CVE-2009-0949 | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise | 7.5 | ||
| 2009-08-14 | CVE-2009-2692 | The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. | Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Linux_enterprise_real_time | 7.8 | ||
| 2011-11-17 | CVE-2011-4107 | The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack. | Debian_linux, Fedora, Phpmyadmin | 6.5 | ||
| 2020-11-20 | CVE-2020-20739 | im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | Debian_linux, Fedora, Libvips | 5.3 | ||
| 2024-01-23 | CVE-2024-0749 | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. | Debian_linux, Firefox, Firefox_esr, Thunderbird | 4.3 | ||
| 2005-01-24 | CVE-2005-0102 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. | Debian_linux, Evolution | 9.8 | ||
| 2005-05-11 | CVE-2005-1513 | Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. | Ubuntu_linux, Debian_linux, Qmail | 9.8 | ||
| 2016-08-07 | CVE-2016-4029 | WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. | Debian_linux, Wordpress | 8.6 |