Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-12-14 | CVE-2010-4345 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. | Ubuntu_linux, Debian_linux, Exim, Opensuse | 7.8 | ||
| 2009-03-26 | CVE-2009-1151 | Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | Debian_linux, Phpmyadmin | 9.8 | ||
| 2014-05-07 | CVE-2014-0196 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. | Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_application_delivery_controller, Big\-Iq_centralized_management, Big\-Iq_cloud, Big\-Iq_cloud_and_orchestration, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Linux_kernel, Linux, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_eus, Suse_linux_enterprise_desktop, Suse_linux_enterprise_high_availability_extension, Suse_linux_enterprise_server | N/A | ||
| 2024-12-12 | CVE-2024-47606 | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function... | Debian_linux, Gstreamer | 9.8 | ||
| 2024-05-22 | CVE-2024-4453 | GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an... | Debian_linux, Gstreamer | 7.8 | ||
| 2024-10-03 | CVE-2024-8508 | NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound... | Debian_linux, Unbound | 5.3 | ||
| 2023-10-04 | CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | Debian_linux, Fedora, Urllib3 | 8.1 | ||
| 2023-12-08 | CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | Ipados, Iphone_os, Macos, Ubuntu_linux, Debian_linux, Fedora, Android | 6.3 | ||
| 2024-02-20 | CVE-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | Debian_linux, Firefox, Thunderbird | 6.5 | ||
| 2024-02-20 | CVE-2024-1550 | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8. | Debian_linux, Firefox, Thunderbird | 6.1 |