Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1975 |
Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: August 29, 2012; 6:56:40 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-1974 |
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: August 29, 2012; 6:56:40 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-1973 |
Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: August 29, 2012; 6:56:39 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-1972 |
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Published: August 29, 2012; 6:56:39 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-1970 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: August 29, 2012; 6:56:39 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-2750 |
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. Published: August 16, 2012; 8:55:03 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-2135 |
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. Published: August 14, 2012; 6:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2012-3425 |
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. Published: August 13, 2012; 4:55:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2317 |
The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. Published: August 07, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2665 |
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. Published: August 06, 2012; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2012-3867 |
lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. Published: August 06, 2012; 12:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3954 |
Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Published: July 25, 2012; 6:42:35 AM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-3571 |
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. Published: July 25, 2012; 6:42:35 AM -0400 |
V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2012-4048 |
The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. Published: July 24, 2012; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2012-2751 |
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. Published: July 22, 2012; 12:55:27 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0867 |
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. Published: July 18, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2351 |
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. Published: July 12, 2012; 4:55:15 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2143 |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. Published: July 05, 2012; 10:55:02 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0876 |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. Published: July 03, 2012; 3:55:02 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-1149 |
Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. Published: June 21, 2012; 11:55:11 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |