Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 205 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2013-6425

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.

Published: January 18, 2014; 2:55:07 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-4969

Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.

Published: January 07, 2014; 1:55:06 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-6890

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

Published: December 23, 2013; 5:55:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-7020

The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

Published: December 09, 2013; 11:36:49 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-6410

nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.

Published: December 07, 2013; 3:55:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-4559

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached.

Published: November 20, 2013; 9:12:30 AM -0500
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2013-4560

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.

Published: November 20, 2013; 9:12:30 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-4508

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.

Published: November 07, 2013; 11:47:22 PM -0500
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2013-4365

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

Published: October 17, 2013; 7:55:04 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-4234

Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.

Published: September 16, 2013; 3:14:39 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4233

Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.

Published: September 16, 2013; 3:14:38 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

Published: September 10, 2013; 3:55:11 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4232

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

Published: September 10, 2013; 3:55:11 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4852

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.

Published: August 19, 2013; 7:55:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-4242

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

Published: August 19, 2013; 7:55:09 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.

Published: August 19, 2013; 9:07:58 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-2070

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.

Published: July 19, 2013; 11:37:25 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-2064

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function.

Published: June 15, 2013; 3:55:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Published: May 29, 2013; 10:29:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-1915

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.

Published: April 25, 2013; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH