Debian

Debian Linux

9142 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-9089

Exploit
  • EPSS 0.54%
  • Veröffentlicht 28.11.2014 15:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.

7.5

CVE-2014-9093

  • EPSS 3.33%
  • Veröffentlicht 26.11.2014 15:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.

4.3

CVE-2014-9039

  • EPSS 1.68%
  • Veröffentlicht 25.11.2014 23:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.

6.8

CVE-2014-9037

  • EPSS 2.62%
  • Veröffentlicht 25.11.2014 23:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.

4.3

CVE-2014-9036

  • EPSS 0.59%
  • Veröffentlicht 25.11.2014 23:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence ...

4.3

CVE-2014-9035

  • EPSS 0.59%
  • Veröffentlicht 25.11.2014 23:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1

CVE-2010-5312

Exploit
  • EPSS 4.43%
  • Veröffentlicht 24.11.2014 16:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

7.1

CVE-2014-9030

  • EPSS 2.32%
  • Veröffentlicht 24.11.2014 15:59:19
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.

5

CVE-2014-9016

  • EPSS 79.79%
  • Veröffentlicht 24.11.2014 15:59:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.

6.8

CVE-2014-9015

  • EPSS 1.91%
  • Veröffentlicht 24.11.2014 15:59:16
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.