Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-4361 |
MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. Published: January 08, 2012; 6:55:19 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4360 |
MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter. Published: January 08, 2012; 6:55:18 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3919 |
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: January 07, 2012; 6:55:13 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-4862 |
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. Published: December 24, 2011; 8:55:02 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-4362 |
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. Published: December 24, 2011; 2:55:05 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4517 |
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file. Published: December 14, 2011; 10:57:34 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-4516 |
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. Published: December 14, 2011; 10:57:34 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3905 |
libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Published: December 13, 2011; 4:55:01 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4539 |
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. Published: December 08, 2011; 6:55:02 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4566 |
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. Published: November 28, 2011; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2011-3895 |
Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. Published: November 11, 2011; 6:55:02 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-3892 |
Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream. Published: November 11, 2011; 6:55:02 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-2189 |
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd. Published: October 10, 2011; 6:55:05 AM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2011-2766 |
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. Published: September 23, 2011; 6:55:03 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-2834 |
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. Published: September 19, 2011; 8:02:55 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-3389 |
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. Published: September 06, 2011; 3:55:03 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2821 |
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. Published: August 29, 2011; 11:55:01 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-2749 |
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet. Published: August 15, 2011; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2011-2748 |
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. Published: August 15, 2011; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2011-2818 |
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. Published: August 02, 2011; 8:55:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |