Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-7008 |
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. Published: December 23, 2023; 8:15:07 AM -0500 |
V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2023-39417 |
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. Published: August 11, 2023; 9:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2016-2338 |
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. Published: September 28, 2022; 11:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2021-31891 |
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. Published: September 14, 2021; 7:15:24 AM -0400 |
V3.1: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-27577 |
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Published: June 29, 2021; 8:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-1877 |
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. Published: June 02, 2021; 1:15:08 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-0569 |
Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Published: November 23, 2020; 12:15:12 PM -0500 |
V3.1: 5.7 MEDIUM V2.0: 2.7 LOW |
CVE-2020-4067 |
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3. Published: June 29, 2020; 4:15:10 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-15011 |
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Published: June 24, 2020; 8:15:10 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 2.6 LOW |
CVE-2020-14954 |
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Published: June 21, 2020; 1:15:09 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-14929 |
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. Published: June 19, 2020; 3:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-8165 |
A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. Published: June 19, 2020; 2:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-8164 |
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters. Published: June 19, 2020; 1:15:18 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-13033 |
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. Published: June 18, 2020; 2:15:10 PM -0400 |
V3.1: 3.3 LOW V2.0: 2.1 LOW |
CVE-2020-14405 |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-14404 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14403 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14402 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2020-14401 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. Published: June 17, 2020; 12:15:12 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2020-14400 |
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary Published: June 17, 2020; 12:15:11 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |