19 matches found
DEBIAN-CVE-2026-13966
Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13023
Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-56113
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...
DEBIAN-CVE-2026-12022
Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
DEBIAN-CVE-2026-11204
Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-42033
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...
DEBIAN-CVE-2023-29939
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnvmlir::spirv::TargetEnvAttr...
DEBIAN-CVE-2023-0049
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143...
DEBIAN-CVE-2022-43551
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
DEBIAN-CVE-2021-23518
The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as instead of Object.createnull in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative...
DEBIAN-CVE-2021-32270
An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwidboxdel located in boxcodebase.c. It allows an attacker to cause Denial of Service...
DEBIAN-CVE-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables...
DEBIAN-CVE-2019-11637
An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function recrsetgetprops at rec-rset.c in librec.a, leading to a crash...
DEBIAN-CVE-2017-13084
Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Station-To-Station-Link STSL Transient Key STK during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames...
DEBIAN-CVE-2016-2851
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service memory corruption and application crash or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow...
DEBIAN-CVE-2011-4099
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors...
DEBIAN-CVE-2009-3994
Stack-based buffer overflow in the GetUID function in src-IL/src/ildicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted DICOM file...
DEBIAN-CVE-2002-1850
modcgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service hang and memory consumption by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script...
[SECURITY] ftpwatch package has major security problems
We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access. We recommend that you remove the ftpwatch package immediately. We will be working on a new version of ftpwatch to...