Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv3
CVE-2019-18345
A reflected XSS issue exists in DAViCal up to and including 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If th...
Davical Davical
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi up to and including 1.0.7 allows an malicious user to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this ...
Gnu Fribidi
Debian Debian Linux 10.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-17848
An issue exists in Enigmail prior to 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appe...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2021-43528
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability af...
Mozilla Thunderbird
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.1
CVSSv3
CVE-2017-18121
The consentAdmin module in SimpleSAMLphp up to and including 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an malicious user to craft links that could execute arbitrary JavaScript code on the victim's web browser.
Simplesamlphp Simplesamlphp
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2017-18122
A signature-validation bypass issue exists in SimpleSAMLphp up to and including 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the a...
Simplesamlphp Simplesamlphp
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2018-7419
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector could crash. This was addressed in epan/dissectors/asn1/nbap/nbap.cnf by ensuring DCH ID initialization.
Wireshark Wireshark
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5.4
CVSSv3
CVE-2019-16223
WordPress prior to 5.2.3 allows XSS in post previews by authenticated users.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
5.9
CVSSv3
CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected ...
Mozilla Thunderbird
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Wireshark Wireshark
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »