Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4365 |
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Published: October 17, 2013; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-3839 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Published: October 16, 2013; 11:55:34 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-4234 |
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. Published: September 16, 2013; 3:14:39 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4233 |
Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow. Published: September 16, 2013; 3:14:38 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4243 |
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. Published: September 10, 2013; 3:55:11 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4232 |
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. Published: September 10, 2013; 3:55:11 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4852 |
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Published: August 19, 2013; 7:55:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-4242 |
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Published: August 19, 2013; 7:55:09 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-2175 |
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. Published: August 19, 2013; 9:07:58 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2070 |
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Published: July 19, 2013; 11:37:25 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-2064 |
Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Published: June 15, 2013; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-2852 |
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. Published: June 07, 2013; 10:03:20 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2002-2443 |
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. Published: May 29, 2013; 10:29:06 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1915 |
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability. Published: April 25, 2013; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-1427 |
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition. Published: March 21, 2013; 1:55:03 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2013-2481 |
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value. Published: March 07, 2013; 10:55:01 AM -0500 |
V3.x:(not available) V2.0: 2.9 LOW |
CVE-2013-2480 |
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet. Published: March 07, 2013; 10:55:01 AM -0500 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2013-0900 |
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: February 23, 2013; 4:55:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3363 |
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. Published: February 13, 2013; 12:55:01 PM -0500 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2012-6075 |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Published: February 12, 2013; 8:55:03 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |