Debian

Debian Linux

9142 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-3069

  • EPSS 2.83%
  • Published 13.04.2016 16:59:17
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.

8.8

CVE-2016-3068

  • EPSS 5%
  • Published 13.04.2016 16:59:16
  • Last modified 12.04.2025 10:46:40

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.

6.5

CVE-2016-2533

  • EPSS 1.18%
  • Published 13.04.2016 16:59:14
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

6.1

CVE-2016-2228

Exploit
  • EPSS 0.58%
  • Published 13.04.2016 16:59:12
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield...

6.5

CVE-2016-2191

Exploit
  • EPSS 2.84%
  • Published 13.04.2016 16:59:11
  • Last modified 12.04.2025 10:46:40

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

5.4

CVE-2016-2058

  • EPSS 0.24%
  • Published 13.04.2016 16:59:08
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page...

3.3

CVE-2016-2057

  • EPSS 0.1%
  • Published 13.04.2016 16:59:07
  • Last modified 12.04.2025 10:46:40

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

8.8

CVE-2016-2056

  • EPSS 56.35%
  • Published 13.04.2016 16:59:06
  • Last modified 12.04.2025 10:46:40

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

7.5

CVE-2016-2055

  • EPSS 68%
  • Published 13.04.2016 16:59:05
  • Last modified 12.04.2025 10:46:40

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.

9.8

CVE-2016-2054

  • EPSS 4.09%
  • Published 13.04.2016 16:59:04
  • Last modified 12.04.2025 10:46:40

Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" comm...