Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-05-12 | CVE-2015-3451 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Xml\-Libxml | N/A | ||
| 2018-10-31 | CVE-2018-18873 | An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. | Ubuntu_linux, Debian_linux, Jasper, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2016-02-12 | CVE-2016-2073 | The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
| 2020-04-15 | CVE-2020-11729 | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Long-term session cookies, uses to provide long-term session continuity, are not generated securely, enabling a brute-force attack that may be successful. | Andrew\'s_web_libraries, Debian_linux | N/A | ||
| 2020-04-15 | CVE-2020-11728 | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. | Andrew\'s_web_libraries, Debian_linux | N/A | ||
| 2018-12-17 | CVE-2018-18245 | Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. | Debian_linux, Nagios_core | 5.4 | ||
| 2020-03-31 | CVE-2020-10595 | pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code... | Debian_linux, Pam\-Krb5 | N/A | ||
| 2016-01-14 | CVE-2015-8605 | ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | Ubuntu_linux, Debian_linux, Dhcp, Unified_threat_management_up2date | 6.5 | ||
| 2012-07-25 | CVE-2012-3954 | Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. | Ubuntu_linux, Debian_linux, Dhcp | N/A | ||
| 2012-07-25 | CVE-2012-3571 | ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. | Ubuntu_linux, Debian_linux, Dhcp | N/A |