Search Results (Refine Search)
- CPE Product Version: cpe:/o:debian:debian_linux:3.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-31891 |
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. Published: September 14, 2021; 7:15:24 AM -0400 |
V3.1: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-19200 |
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Published: November 12, 2018; 10:29:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-8156 |
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. Published: September 25, 2017; 9:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-3062 |
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. Published: June 16, 2016; 2:59:08 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2007-6220 |
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error. Published: December 04, 2007; 12:46:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-0454 |
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. Published: February 05, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-2661 |
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. Published: May 30, 2006; 3:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-2016 |
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. Published: April 25, 2006; 8:50:00 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-0050 |
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. Published: March 23, 2006; 6:06:00 AM -0500 |
V3.x:(not available) V2.0: 1.2 LOW |
CVE-2006-0042 |
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. Published: February 18, 2006; 4:02:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-3624 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-3625 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-3626 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-4347 |
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-4178 |
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. Published: December 12, 2005; 4:03:00 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2005-3323 |
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. Published: October 27, 2005; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-3120 |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. Published: October 17, 2005; 4:06:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2005-2700 |
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. Published: September 06, 2005; 7:03:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-1527 |
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. Published: August 15, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-1689 |
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. Published: July 18, 2005; 12:00:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |