Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
debian vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-17476
Open Ticket Request System (OTRS) 4.0.x prior to 4.0.28, 5.0.x prior to 5.0.26, and 6.0.x prior to 6.0.3, when cookie support is disabled, might allow remote malicious users to hijack web sessions and consequently gain privileges via a crafted email.
Otrs Otrs
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
8.2
CVSSv3
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
7.5
CVSSv3
CVE-2021-33054
SOGo 2.x prior to 2.4.1 and 3.x up to and including 5.x prior to 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a ...
Inverse Sogo
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2018-1000069
FreePlane version 1.5.9 and previous versions contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This ...
Freeplane Freeplane
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected ...
Mozilla Thunderbird
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2018-9261
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-nbap.c by prohibiting the self-linking of DCH-IDs.
Wireshark Wireshark
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2021-45944
Ghostscript GhostPDL 9.50 up to and including 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
Artifex Ghostscript
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.5
CVSSv3
CVE-2021-45949
Ghostscript GhostPDL 9.50 up to and including 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
Artifex Ghostscript
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2019-17669
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2019-17670
WordPress prior to 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs.
Wordpress Wordpress
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »