Debian Security Vulnerabilities (CVEs)

This vulnerability allows remote authenticated users to upload malicious PHP files with alternative extensions (.php3, .php4, .php5, .phtml) through C...

CVE-2019-19921 is a privilege escalation vulnerability in runc (container runtime) that allows attackers with container creation privileges to escape ...

This vulnerability allows remote attackers to trigger an out-of-bounds heap buffer access in QEMU's iSCSI Block driver, potentially causing denial of ...

This vulnerability is a JavaScript implementation flaw in Google Chrome that allows remote attackers to potentially exploit heap corruption via crafte...

This vulnerability in Google Chrome's PDFium component allows attackers to exploit heap corruption by tricking users into opening malicious PDF files....

This vulnerability in Google Chrome on macOS allows attackers to execute arbitrary code by convincing users to install a malicious extension. It affec...

This vulnerability in Google Chrome's Blink rendering engine allows remote attackers to potentially execute arbitrary code or cause denial of service ...

CVE-2020-6406 is a use-after-free vulnerability in Chrome's audio component that allows remote attackers to potentially exploit heap corruption via cr...

This is a type confusion vulnerability in Chrome's JavaScript engine that could allow an attacker to corrupt heap memory. Attackers can exploit this b...

HtmlUnit versions before 2.37.0 contain improper Rhino JavaScript engine initialization that allows malicious JavaScript to execute arbitrary Java cod...

CVE-2019-15604 is an improper certificate validation vulnerability in Node.js that causes the process to crash when processing a specially crafted X.5...

CVE-2016-9928 is a roster push vulnerability in MCabber XMPP client that allows attackers to manipulate contact rosters. Remote attackers can add them...

CVE-2020-5208 is a buffer overflow vulnerability in ipmitool that allows remote attackers to execute arbitrary code on systems running vulnerable vers...

CVE-2020-8450 is a buffer overflow vulnerability in Squid proxy servers configured as reverse proxies. Remote attackers can exploit incorrect buffer m...

This CVE describes a stack-based buffer overflow vulnerability in Sudo when the pwfeedback option is enabled. Attackers can exploit this by providing ...

This vulnerability is a heap-based buffer overflow in OpenJPEG's JPEG 2000 image processing library. It allows attackers to execute arbitrary code or ...

This vulnerability in PostgreSQL's to_char function allows remote authenticated users to trigger buffer over-reads or buffer overflows via specially c...

This vulnerability in PostgreSQL's pgcrypto extension allows remote authenticated users to trigger buffer overflows, potentially causing denial of ser...

CVE-2019-16792 is an HTTP request smuggling vulnerability in Waitress web server that allows attackers to bypass security controls by sending duplicat...

This vulnerability in libxml2 2.9.10 causes a memory leak in the xmlSchemaValidateStream function when processing XML schemas. It affects any applicat...

CVE-2020-7595 is an infinite loop vulnerability in libxml2's XML parser that occurs during specific end-of-file conditions. When exploited, it causes ...

CVE-2020-7040 is a symlink attack vulnerability in storeBackup.pl that allows local users to create or manipulate the /tmp/storeBackup.lock file. This...

This vulnerability in hiredis library versions through 0.14.0 allows denial of service attacks due to NULL pointer dereference when malloc fails to al...

This vulnerability in ClamAV allows remote attackers to cause denial of service by sending specially crafted email files that trigger inefficient MIME...

This CVE describes a Java serialization vulnerability that allows remote code execution. Attackers can exploit it via network protocols to compromise ...

This vulnerability in PowerDNS Authoritative Server allows remote attackers to crash the DNS service by sending specially crafted DNS query packets. I...

This vulnerability in SchedMD Slurm allows local users to execute the 'srun --uid' command with incorrect privileges, potentially enabling privilege e...

This vulnerability in OpenJPEG allows attackers to execute arbitrary code or cause denial of service via a heap-based buffer overflow when processing ...

This SQL injection vulnerability in phpMyAdmin allows authenticated attackers to inject malicious SQL queries through the username field on the user a...

A type confusion vulnerability in Firefox and Firefox ESR could allow attackers to execute arbitrary code by exploiting missing case handling for obje...

This CVE describes memory safety bugs in Firefox and Firefox ESR that could lead to memory corruption. With sufficient effort, attackers could potenti...

This vulnerability allows an attacker to bypass TCP-based intrusion detection signatures in Suricata by sending specially crafted TCP packets with inv...

CVE-2019-19911 is a denial-of-service vulnerability in Pillow's FpxImagePlugin that occurs when processing specially crafted FPX images. The vulnerabi...

This vulnerability is a buffer overflow in the FLI image decoder component of Pillow (Python Imaging Library). Attackers can exploit this by crafting ...

An off-by-one error in OpenLDAP's dnssrv backend allows attackers to crash the slapd service by sending crafted DNS SRV responses. This affects OpenLD...