Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-10-29 | CVE-2011-1408 | ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks. | Debian_linux, Ikiwiki | N/A | ||
2019-10-30 | CVE-2010-0749 | Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame. | Debian_linux, Transmission | N/A | ||
2019-10-30 | CVE-2010-0748 | Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link. | Debian_linux, Transmission | N/A | ||
2019-11-06 | CVE-2007-0899 | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. | Clamav, Debian_linux | N/A | ||
2019-11-06 | CVE-2006-4245 | archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. | Archivemail, Debian_linux | N/A | ||
2019-11-04 | CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | Debian_linux, Shadow, Enterprise_linux, Sudo | N/A | ||
2016-11-02 | CVE-2016-8864 | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | Debian_linux, Bind, Data_ontap_edge, Solidfire, Steelstore_cloud_integrated_storage, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
2020-02-24 | CVE-2015-9542 | add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | Ubuntu_linux, Debian_linux, Pam_radius | N/A | ||
2012-11-21 | CVE-2012-5829 | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
2012-11-21 | CVE-2012-4216 | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | Ubuntu_linux, Debian_linux, Firefox, Firefox_esr, Seamonkey, Thunderbird, Thunderbird_esr, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A |