Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Filtered by product Debian Linux
Total 8817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more 2023-12-10 5.0 MEDIUM N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2013-4389 3 Debian, Opensuse, Rubyonrails 3 Debian Linux, Opensuse, Rails 2023-12-10 4.3 MEDIUM N/A
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
CVE-2013-3561 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 7.8 HIGH N/A
Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector.
CVE-2013-6632 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 9.3 HIGH N/A
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
CVE-2013-2856 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
CVE-2012-1185 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
CVE-2013-2072 2 Debian, Xen 2 Debian Linux, Xen 2023-12-10 7.4 HIGH N/A
Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.
CVE-2013-4475 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2023-12-10 4.0 MEDIUM N/A
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
CVE-2012-4388 3 Canonical, Debian, Php 3 Ubuntu Linux, Debian Linux, Php 2023-12-10 4.3 MEDIUM N/A
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398.
CVE-2012-3509 3 Canonical, Debian, Gnu 4 Ubuntu Linux, Debian Linux, Binutils and 1 more 2023-12-10 5.0 MEDIUM N/A
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
CVE-2012-0879 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVE-2013-4077 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 5.0 MEDIUM N/A
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c.
CVE-2013-2879 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 5.8 MEDIUM N/A
Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site.
CVE-2012-0867 4 Debian, Opensuse Project, Postgresql and 1 more 11 Debian Linux, Opensuse, Postgresql and 8 more 2023-12-10 4.3 MEDIUM N/A
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2013-4074 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 5.0 MEDIUM N/A
The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2013-3802 6 Canonical, Debian, Mariadb and 3 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-12-10 4.0 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
CVE-2013-2901 2 Debian, Google 2 Debian Linux, Chrome 2023-12-10 7.5 HIGH N/A
Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and (2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-4533 2 Debian, Viewvc 2 Debian Linux, Viewvc 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
CVE-2012-3197 5 Canonical, Debian, Mariadb and 2 more 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more 2023-12-10 3.5 LOW N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
CVE-2013-3559 3 Debian, Opensuse, Wireshark 3 Debian Linux, Opensuse, Wireshark 2023-12-10 5.0 MEDIUM N/A
epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet.