ReportizFlow
Filtered by vendor Debian
Subscriptions
Total
10057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0849 | 1 Debian | 1 Pycode-browser | 2025-08-06 | 3.9 Low |
| pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | ||||
| CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | ||||
| CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | ||||
| CVE-2023-31122 | 4 Apache, Debian, Fedoraproject and 1 more | 5 Http Server, Debian Linux, Fedora and 2 more | 2025-08-01 | 7.5 High |
| Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. | ||||
| CVE-2024-33601 | 4 Debian, Gnu, Netapp and 1 more | 27 Debian Linux, Glibc, H300s and 24 more | 2025-08-01 | 7.3 High |
| nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. | ||||
| CVE-2024-8096 | 4 Curl, Debian, Haxx and 1 more | 16 Curl, Debian Linux, Curl and 13 more | 2025-07-30 | 6.5 Medium |
| When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. | ||||
| CVE-2025-0838 | 2 Abseil, Debian | 2 Common Libraries, Debian Linux | 2025-07-30 | 9.8 Critical |
| There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 | ||||
| CVE-2021-3347 | 4 Debian, Fedoraproject, Linux and 1 more | 10 Debian Linux, Fedora, Linux Kernel and 7 more | 2025-07-24 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. | ||||
| CVE-2024-5197 | 3 Debian, Redhat, Webmproject | 3 Debian Linux, Enterprise Linux, Libvpx | 2025-07-22 | 9.1 Critical |
| There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond | ||||
| CVE-2024-46901 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2025-07-15 | 3.1 Low |
| Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. | ||||
| CVE-2019-20208 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2025-07-11 | 5.5 Medium |
| dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | ||||
| CVE-2019-13454 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2025-07-11 | 6.5 Medium |
| ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | ||||
| CVE-2024-46544 | 3 Apache, Debian, Redhat | 6 Tomcat Connectors, Debian Linux, Enterprise Linux and 3 more | 2025-07-10 | 5.9 Medium |
| Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue. | ||||
| CVE-2017-5976 | 2 Debian, Gdraheim | 2 Debian Linux, Zziplib | 2025-07-10 | 5.5 Medium |
| Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | ||||
| CVE-2018-6869 | 3 Canonical, Debian, Gdraheim | 3 Ubuntu Linux, Debian Linux, Zziplib | 2025-07-10 | N/A |
| In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. | ||||
| CVE-2017-5974 | 2 Debian, Gdraheim | 2 Debian Linux, Zziplib | 2025-07-10 | 5.5 Medium |
| Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | ||||
| CVE-2017-5975 | 2 Debian, Gdraheim | 2 Debian Linux, Zziplib | 2025-07-10 | 5.5 Medium |
| Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | ||||
| CVE-2020-18442 | 4 Debian, Fedoraproject, Gdraheim and 1 more | 4 Debian Linux, Fedora, Zziplib and 1 more | 2025-07-10 | 3.3 Low |
| Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | ||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 14 Ubuntu Linux, Debian Linux, Netty and 11 more | 2025-07-07 | 7.5 High |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | ||||
| CVE-2022-48279 | 4 Debian, Owasp, Redhat and 1 more | 4 Debian Linux, Modsecurity, Jboss Core Services and 1 more | 2025-07-03 | 7.5 High |
| In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase. | ||||