Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-19 | CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. | Debian_linux, Glibc, Web_gateway, Suse_linux_enterprise_desktop, Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Cloud_magnum_orchestration, Leap, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_long_life, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_for_sap, Linux_enterprise_server, Linux_enterprise_server_for_raspberry_pi, Linux_enterprise_software_development_kit | 7.8 | ||
| 2017-08-07 | CVE-2017-12643 | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. | Debian_linux, Imagemagick | 6.5 | ||
| 2017-08-07 | CVE-2017-12640 | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. | Debian_linux, Imagemagick | 8.8 | ||
| 2017-01-18 | CVE-2016-7906 | magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | Debian_linux, Imagemagick | 5.5 | ||
| 2004-06-01 | CVE-2004-0179 | Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. | Debian_linux, Neon | N/A | ||
| 2017-01-23 | CVE-2016-9401 | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | Debian_linux, Bash, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2016-09-26 | CVE-2016-7142 | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | Debian_linux, Inspircd | 5.9 | ||
| 2016-04-12 | CVE-2015-8702 | The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | Debian_linux, Inspircd | 8.6 | ||
| 2017-04-13 | CVE-2015-6674 | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | Debian_linux, Inspircd | 9.8 | ||
| 2016-04-13 | CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | Ubuntu_linux, Debian_linux, Libxml2 | N/A |