Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-01-23 | CVE-2016-9401 | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | Debian_linux, Bash, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
2016-09-26 | CVE-2016-7142 | The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | Debian_linux, Inspircd | 5.9 | ||
2016-04-12 | CVE-2015-8702 | The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | Debian_linux, Inspircd | 8.6 | ||
2017-04-13 | CVE-2015-6674 | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | Debian_linux, Inspircd | 9.8 | ||
2016-04-13 | CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
2017-04-11 | CVE-2015-8613 | Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | Debian_linux, Qemu | N/A | ||
2018-10-09 | CVE-2018-17958 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | Ubuntu_linux, Debian_linux, Qemu, Virtualization, Virtualization_manager | N/A | ||
2018-08-16 | CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | Ubuntu_linux, Debian_linux, Libxml2 | 6.5 | ||
2018-07-19 | CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | Ubuntu_linux, Debian_linux, Libxml2 | 7.5 | ||
2017-05-02 | CVE-2017-8112 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | Debian_linux, Qemu | N/A |