Debian

Debian Linux

9142 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.3%
  • Published 10.05.2016 19:59:04
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.

  • EPSS 1.17%
  • Published 09.05.2016 20:59:03
  • Last modified 12.04.2025 10:46:40

The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.

  • EPSS 0.52%
  • Published 06.05.2016 17:59:08
  • Last modified 12.04.2025 10:46:40

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

  • EPSS 0.8%
  • Published 06.05.2016 17:59:04
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo...

  • EPSS 0.04%
  • Published 06.05.2016 17:59:01
  • Last modified 12.04.2025 10:46:40

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.

  • EPSS 3.12%
  • Published 06.05.2016 17:59:00
  • Last modified 12.04.2025 10:46:40

Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.

Warning
  • EPSS 93.75%
  • Published 05.05.2016 18:59:03
  • Last modified 12.04.2025 10:46:40

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "I...

  • EPSS 79.14%
  • Published 05.05.2016 01:59:03
  • Last modified 12.04.2025 10:46:40

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against...

  • EPSS 50.8%
  • Published 05.05.2016 01:59:01
  • Last modified 12.04.2025 10:46:40

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

  • EPSS 0.06%
  • Published 01.05.2016 01:59:00
  • Last modified 12.04.2025 10:46:40

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted...