Search Results (Refine Search)
- CPE Product Version: cpe:/o:debian:debian_linux:8.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-6621 |
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element. Published: November 13, 2013; 10:55:04 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4508 |
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. Published: November 07, 2013; 11:47:22 PM -0500 |
V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM |
CVE-2013-2927 |
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements. Published: October 16, 2013; 4:55:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2919 |
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: October 02, 2013; 6:35:35 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2861 |
Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: June 04, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2860 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. Published: June 04, 2013; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2859 |
Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. Published: June 04, 2013; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2858 |
Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: June 04, 2013; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2857 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. Published: June 04, 2013; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2856 |
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. Published: June 04, 2013; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2855 |
The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Published: June 04, 2013; 8:55:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-2443 |
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. Published: May 29, 2013; 10:29:06 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-3559 |
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet. Published: May 24, 2013; 11:18:16 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-4929 |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. Published: September 15, 2012; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2009-3555 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Published: November 09, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2005-1513 |
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. Published: May 11, 2005; 12:00:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |