Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8956 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3180 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-12-10 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVE-2013-6621 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2023-12-10 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
CVE-2013-3556 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 5.0 MEDIUM N/A
The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2012-2135 3 Canonical, Debian, Python 3 Ubuntu Linux, Debian Linux, Python 2023-12-10 6.4 MEDIUM N/A
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
CVE-2013-2865 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2013-2927 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2023-12-10 6.8 MEDIUM N/A
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to submission for FORM elements.
CVE-2013-2886 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500.95 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2012-4430 2 Bacula, Debian 2 Bacula, Debian Linux 2023-12-10 4.0 MEDIUM N/A
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
CVE-2013-2852 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2023-12-10 6.9 MEDIUM N/A
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
CVE-2011-3045 6 Debian, Fedoraproject, Google and 3 more 13 Debian Linux, Fedora, Chrome and 10 more 2023-12-10 6.8 MEDIUM N/A
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
CVE-2013-3555 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 5.0 MEDIUM N/A
epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2013-2487 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 7.8 HIGH N/A
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet, related to the (1) dissect_icecandidates, (2) dissect_kinddata, (3) dissect_nodeid_list, (4) dissect_storeans, (5) dissect_storereq, (6) dissect_storeddataspecifier, (7) dissect_fetchreq, (8) dissect_findans, (9) dissect_diagnosticinfo, (10) dissect_diagnosticresponse, (11) dissect_reload_messagecontents, and (12) dissect_reload_message functions, a different vulnerability than CVE-2013-2486.
CVE-2012-2751 4 Debian, Opensuse, Oracle and 1 more 4 Debian Linux, Opensuse, Http Server and 1 more 2023-12-10 4.3 MEDIUM N/A
ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.
CVE-2013-4234 2 Debian, Konstanty Bialkowski 2 Debian Linux, Libmodplug 2023-12-10 6.8 MEDIUM N/A
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.
CVE-2012-3160 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-12-10 2.1 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
CVE-2012-1180 3 Debian, F5, Fedoraproject 3 Debian Linux, Nginx, Fedora 2023-12-10 5.0 MEDIUM N/A
Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
CVE-2013-2919 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2023-12-10 7.5 HIGH N/A
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2012-1186 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2013-1051 2 Canonical, Debian 3 Ubuntu Linux, Advanced Package Tool, Apt 2023-12-10 4.3 MEDIUM N/A
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.