Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:debian:debian_linux:7.0
There are 1,060 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2015-0294

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-0244

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-0243

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-0242

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-0241

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2014-8161

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Published: January 27, 2020; 11:15:10 AM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2014-4172

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.

Published: January 24, 2020; 2:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2014-7844

BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.

Published: January 14, 2020; 12:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2013-4357

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Published: December 31, 2019; 2:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes

Published: December 20, 2019; 9:15:11 AM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-7325

An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.

Published: December 03, 2019; 6:15:11 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2015-0837

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

Published: November 29, 2019; 5:15:11 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

Published: November 29, 2019; 5:15:11 PM -0500
V3.1: 4.2 MEDIUM
V2.0: 1.9 LOW
CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

Published: November 29, 2019; 4:15:10 PM -0500
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Published: November 20, 2019; 4:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-3166

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.

Published: November 20, 2019; 4:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

Published: November 20, 2019; 2:15:11 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2013-1811

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

Published: November 07, 2019; 6:15:10 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2013-4412

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Published: November 04, 2019; 8:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2013-1934

A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.

Published: October 31, 2019; 4:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW