Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 205 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.

Published: October 15, 2014; 8:55:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1557

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

Published: July 23, 2014; 7:12:43 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2014-4911

The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Published: July 22, 2014; 10:55:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2405

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.

Published: May 13, 2014; 8:55:08 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-0462

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.

Published: May 13, 2014; 8:55:07 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 5:55:05 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

Published: May 11, 2014; 5:55:05 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-0196

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.

Published: May 07, 2014; 6:55:04 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-2983

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Published: April 23, 2014; 11:55:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-0456

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Published: April 15, 2014; 9:55:09 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2014-0453

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.

Published: April 15, 2014; 9:55:09 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published: April 07, 2014; 6:55:03 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2014-2324

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

Published: March 14, 2014; 11:55:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-2323

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

Published: March 14, 2014; 11:55:05 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-6476

The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.

Published: March 14, 2014; 11:55:05 AM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-6475

Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.

Published: March 14, 2014; 11:55:05 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-6474

Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.

Published: March 14, 2014; 11:55:05 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Published: February 06, 2014; 5:55:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2011-4613

The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

Published: February 05, 2014; 2:55:28 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

Published: January 21, 2014; 1:55:09 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM