Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-31891 |
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. Published: September 14, 2021; 7:15:24 AM -0400 |
V3.1: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-19200 |
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Published: November 12, 2018; 10:29:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14491 |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Published: October 03, 2017; 9:29:02 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-14496 |
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Published: October 02, 2017; 9:29:02 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-14495 |
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. Published: October 02, 2017; 9:29:02 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14494 |
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Published: October 02, 2017; 9:29:02 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14493 |
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Published: October 02, 2017; 9:29:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-14492 |
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Published: October 02, 2017; 9:29:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-13704 |
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Published: October 02, 2017; 9:29:01 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-8156 |
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. Published: September 25, 2017; 9:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-3062 |
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. Published: June 16, 2016; 2:59:08 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-6525 |
Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. Published: August 24, 2015; 10:59:14 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3279 |
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. Published: July 14, 2015; 12:59:03 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-3258 |
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. Published: July 14, 2015; 12:59:02 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0252 |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. Published: March 24, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8096 |
The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value. Published: December 10, 2014; 10:59:08 AM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-6890 |
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. Published: December 23, 2013; 5:55:03 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4852 |
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Published: August 19, 2013; 7:55:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |