Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-08-15 | CVE-2011-2749 | The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. | Ubuntu_linux, Debian_linux, Dhcp | N/A | ||
| 2011-04-08 | CVE-2011-0997 | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | Ubuntu_linux, Debian_linux, Dhcp | N/A | ||
| 2019-02-09 | CVE-2019-7663 | An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900. | Ubuntu_linux, Debian_linux, Libtiff, Leap | 6.5 | ||
| 2020-03-10 | CVE-2012-1096 | NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | Debian_linux, Networkmanager | N/A | ||
| 2017-08-29 | CVE-2017-12865 | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | Debian_linux, Connman | N/A | ||
| 2017-07-13 | CVE-2017-11173 | Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. | Debian_linux, Rack\-Cors | N/A | ||
| 2017-06-29 | CVE-2017-10672 | Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | Debian_linux, Xml\-Libxml | N/A | ||
| 2016-04-11 | CVE-2015-8710 | The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. | Debian_linux, Libxml2 | N/A | ||
| 2020-02-20 | CVE-2014-4678 | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | Debian_linux, Ansible | N/A | ||
| 2020-02-20 | CVE-2011-4915 | fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | Ubuntu_linux, Debian_linux, Linux_kernel | N/A |