Debian

Debian Linux

9142 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2011-5326

  • EPSS 1.1%
  • Published 13.05.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

7.5

CVE-2016-2849

  • EPSS 0.58%
  • Published 13.05.2016 14:59:10
  • Last modified 12.04.2025 10:46:40

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.

10

CVE-2016-2195

  • EPSS 6.11%
  • Published 13.05.2016 14:59:08
  • Last modified 12.04.2025 10:46:40

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.

7.5

CVE-2016-2194

  • EPSS 1.69%
  • Published 13.05.2016 14:59:07
  • Last modified 12.04.2025 10:46:40

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.

7.5

CVE-2015-7827

  • EPSS 0.44%
  • Published 13.05.2016 14:59:03
  • Last modified 12.04.2025 10:46:40

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.

7.8

CVE-2015-5727

  • EPSS 0.61%
  • Published 13.05.2016 14:59:02
  • Last modified 12.04.2025 10:46:40

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.

7.5

CVE-2015-5726

  • EPSS 0.87%
  • Published 13.05.2016 14:59:01
  • Last modified 12.04.2025 10:46:40

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.

5.5

CVE-2016-3712

  • EPSS 0.12%
  • Published 11.05.2016 21:59:02
  • Last modified 12.04.2025 10:46:40

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

8.8

CVE-2016-3710

  • EPSS 0.09%
  • Published 11.05.2016 21:59:01
  • Last modified 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...

6.1

CVE-2016-1236

  • EPSS 0.29%
  • Published 11.05.2016 21:59:00
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in ...