Filtered by vendor Debian Subscriptions
Total 10202 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1241 6 Canonical, Debian, Google and 3 more 12 Ubuntu Linux, Debian Linux, Chrome and 9 more 2025-04-12 N/A
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
CVE-2016-9916 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.5 Medium
Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend.
CVE-2016-9915 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.5 Medium
Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the handle backend.
CVE-2014-5266 3 Debian, Drupal, Wordpress 3 Debian Linux, Drupal, Wordpress 2025-04-12 N/A
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
CVE-2016-9914 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-12 6.5 Medium
Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations.
CVE-2016-0742 6 Apple, Canonical, Debian and 3 more 7 Xcode, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 7.5 High
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2016-1235 2 Debian, Oar Project 2 Debian Linux, Oar 2025-04-12 N/A
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
CVE-2014-9057 2 Debian, Sixapart 2 Debian Linux, Movable Type 2025-04-12 N/A
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7497 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5343 2 Apache, Debian 2 Subversion, Debian Linux 2025-04-12 N/A
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
CVE-2016-0668 7 Canonical, Debian, Mariadb and 4 more 11 Ubuntu Linux, Debian Linux, Mariadb and 8 more 2025-04-12 4.1 Medium
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CVE-2016-9375 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 N/A
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
CVE-2015-4861 7 Canonical, Debian, Fedoraproject and 4 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2016-0644 6 Debian, Ibm, Mariadb and 3 more 8 Debian Linux, Powerkvm, Mariadb and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
CVE-2015-1274 4 Debian, Google, Opensuse and 1 more 7 Debian Linux, Chrome, Opensuse and 4 more 2025-04-12 N/A
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
CVE-2015-3332 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-12 N/A
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
CVE-2015-4473 5 Canonical, Debian, Mozilla and 2 more 5 Ubuntu Linux, Debian Linux, Firefox and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4816 6 Canonical, Debian, Fedoraproject and 3 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVE-2015-3334 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 N/A
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.
CVE-2014-9271 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2025-04-12 5.4 Medium
Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename.