Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 205 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.

Published: September 14, 2021; 7:15:24 AM -0400
V3.1: 10.0 CRITICAL
V2.0: 10.0 HIGH

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Published: December 31, 2019; 2:15:10 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.

Published: December 17, 2019; 1:15:12 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

Published: November 15, 2019; 12:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Published: November 14, 2019; 11:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".

Published: November 07, 2019; 6:15:10 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

Published: November 07, 2019; 1:15:11 PM -0500
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM

TYPO3 before 4.5.4 allows Information Disclosure in the backend.

Published: November 06, 2019; 12:15:11 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM

slim has NULL pointer dereference when using crypt() method from glibc 2.17

Published: November 04, 2019; 8:15:10 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

Published: November 12, 2018; 10:29:00 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM

The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.

Published: January 08, 2018; 2:29:00 PM -0500
V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

Published: September 25, 2017; 9:29:00 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Published: June 09, 2017; 12:29:02 PM -0400
V3.0: 6.7 MEDIUM
V2.0: 6.9 MEDIUM

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

Published: June 16, 2016; 2:59:08 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.

Published: April 14, 2016; 10:59:03 AM -0400
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

Published: April 13, 2016; 11:59:06 AM -0400
V3.0: 4.4 MEDIUM
V2.0: 1.7 LOW

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.

Published: December 16, 2015; 4:59:05 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM

A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.

Published: May 27, 2015; 6:59:08 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

Published: April 21, 2015; 6:59:01 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

Published: October 20, 2014; 1:55:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM