Vulnerabilities (CVE)

Filtered by vendor Debian
Total 10205 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-31309 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2026-06-17 N/A 7.5 HIGH
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue.
CVE-2024-30205 2 Debian, Gnu 3 Debian Linux, Emacs, Org Mode 2026-06-17 N/A 7.1 HIGH
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
CVE-2024-30204 2 Debian, Gnu 3 Debian Linux, Emacs, Org Mode 2026-06-17 N/A 2.8 LOW
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
CVE-2024-30203 2 Debian, Gnu 3 Debian Linux, Emacs, Org Mode 2026-06-17 N/A 5.5 MEDIUM
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
CVE-2024-2961 3 Debian, Gnu, Netapp 21 Debian Linux, Glibc, Active Iq Unified Manager and 18 more 2026-06-17 N/A 7.3 HIGH
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVE-2024-2614 2 Debian, Mozilla 3 Debian Linux, Firefox, Thunderbird 2026-06-17 N/A 8.8 HIGH
Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2611 2 Debian, Mozilla 3 Debian Linux, Firefox, Thunderbird 2026-06-17 N/A 5.5 MEDIUM
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2609 2 Debian, Mozilla 3 Debian Linux, Firefox, Thunderbird 2026-06-17 N/A 6.1 MEDIUM
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-2608 2 Debian, Mozilla 3 Debian Linux, Firefox, Thunderbird 2026-06-17 N/A 8.4 HIGH
`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2607 2 Debian, Mozilla 3 Debian Linux, Firefox, Thunderbird 2026-06-17 N/A 8.1 HIGH
Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVE-2024-2496 2 Debian, Redhat 3 Debian Linux, Enterprise Linux, Libvirt 2026-06-17 N/A 5.0 MEDIUM
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
CVE-2024-29944 2 Debian, Mozilla 2 Debian Linux, Firefox 2026-06-17 N/A 8.4 HIGH
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
CVE-2024-29025 2 Debian, Netty 2 Debian Linux, Netty 2026-06-17 N/A 5.3 MEDIUM
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
CVE-2024-28219 2 Debian, Python 2 Debian Linux, Pillow 2026-06-17 N/A 6.7 MEDIUM
In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.
CVE-2024-28182 3 Debian, Fedoraproject, Nghttp2 3 Debian Linux, Fedora, Nghttp2 2026-06-17 N/A 5.3 MEDIUM
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVE-2024-28130 2 Debian, Offis 2 Debian Linux, Dcmtk 2026-06-17 N/A 7.5 HIGH
An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2024-28102 2 Debian, Latchset 2 Debian Linux, Jwcrypto 2026-06-17 N/A 6.8 MEDIUM
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
CVE-2024-28085 2 Debian, Kernel 2 Debian Linux, Util-linux 2026-06-17 N/A 3.3 LOW
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
CVE-2024-27437 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-06-17 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ. Currently for devices requiring masking at the irqchip for INTx, i.e. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user since the masked flag prevents nested enables through vfio. Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx is never auto-enabled, then unmask as required.
CVE-2024-27436 2 Debian, Linux 2 Debian Linux, Linux Kernel 2026-06-17 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a USB audio device sets more bits than the amount of channels, it could write outside of the map array.