Debian

Debian Linux

9142 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.41%
  • Published 09.01.2015 18:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.

Exploit
  • EPSS 0.44%
  • Published 08.01.2015 01:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

  • EPSS 7.91%
  • Published 07.01.2015 19:59:01
  • Last modified 12.04.2025 10:46:40

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Exploit
  • EPSS 13%
  • Published 31.12.2014 22:59:03
  • Last modified 12.04.2025 10:46:40

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

  • EPSS 3.29%
  • Published 29.12.2014 00:59:00
  • Last modified 12.04.2025 10:46:40

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.

  • EPSS 18.54%
  • Published 18.12.2014 15:59:00
  • Last modified 12.04.2025 10:46:40

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does n...

  • EPSS 0.47%
  • Published 16.12.2014 23:59:00
  • Last modified 12.04.2025 10:46:40

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via...

Exploit
  • EPSS 1.73%
  • Published 16.12.2014 18:59:14
  • Last modified 12.04.2025 10:46:40

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.

  • EPSS 0.36%
  • Published 16.12.2014 18:59:12
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • EPSS 5.09%
  • Published 16.12.2014 18:59:00
  • Last modified 12.04.2025 10:46:40

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the...