Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0156 |
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. Published: January 13, 2013; 5:55:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-0155 |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. Published: January 13, 2013; 5:55:00 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-2251 |
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. Published: January 10, 2013; 8:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2012-5653 |
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. Published: January 02, 2013; 8:55:03 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-2239 |
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php. Published: November 24, 2012; 3:55:02 PM -0500 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2012-3515 |
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." Published: November 23, 2012; 3:55:03 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-5842 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: November 21, 2012; 7:55:03 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-5829 |
Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Published: November 21, 2012; 7:55:03 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4216 |
Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: November 21, 2012; 7:55:02 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4207 |
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Published: November 21, 2012; 7:55:02 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4201 |
The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. Published: November 21, 2012; 7:55:01 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-5519 |
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. Published: November 19, 2012; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-4533 |
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. Published: November 18, 2012; 7:55:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-4564 |
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. Published: November 11, 2012; 8:00:58 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3197 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. Published: October 16, 2012; 8:55:02 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-3180 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-3177 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3173 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-3167 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-3166 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. Published: October 16, 2012; 8:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |