Debian Security Vulnerabilities
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.
9.2AI Score
0.013EPSS
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary ...
7.6AI Score
0.032EPSS
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
7.5CVSS
7.4AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
9.8CVSS
9.4AI Score
0.002EPSS
Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.
9.1AI Score
0.004EPSS
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
7.2AI Score
0.323EPSS
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.
6.1AI Score
0.011EPSS
Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting."
6AI Score
0.013EPSS
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
8.8AI Score
0.007EPSS
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
8.7AI Score
0.007EPSS
Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
6.2AI Score
0.015EPSS
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
6.3AI Score
0.006EPSS
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-sc...
7.6AI Score
0.969EPSS
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
7.8AI Score
0.075EPSS
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
9.8CVSS
9.7AI Score
0.005EPSS
v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.
7.8CVSS
7.5AI Score
0.0004EPSS
In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.
4.7CVSS
4.8AI Score
0.001EPSS
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
7.8CVSS
7.8AI Score
0.0004EPSS
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges...
6.8AI Score
0.003EPSS
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7AI Score
0.018EPSS
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
8.6AI Score
0.01EPSS
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute ...
7.5AI Score
0.092EPSS
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
8.2CVSS
8AI Score
0.014EPSS
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
7AI Score
0.451EPSS
Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7.1AI Score
0.012EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent with...
5.5CVSS
5.2AI Score
0.0004EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message b...
5.5CVSS
5.3AI Score
0.0004EPSS
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message be...
5.5CVSS
5.3AI Score
0.0004EPSS
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
6.4AI Score
0.004EPSS
ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...
4.6AI Score
0.004EPSS
Thunar before 1.3.1 could crash when copy and pasting a file name with % format characters due to a format string error.
7.8CVSS
7.5AI Score
0.001EPSS
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
6.2AI Score
0.007EPSS
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by ...
6.2AI Score
0.007EPSS
Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
7.1AI Score
0.005EPSS
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
6.3AI Score
0.003EPSS
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
9.8CVSS
9.5AI Score
0.05EPSS
4.3CVSS
4.5AI Score
0.006EPSS
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
9.8CVSS
9.9AI Score
0.013EPSS
xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.
7.8CVSS
7.4AI Score
0.0004EPSS
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespac...
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
6.8AI Score
0.002EPSS
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
5.3CVSS
5.3AI Score
0.013EPSS
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
7AI Score
0.021EPSS
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of erro...
6.5CVSS
7AI Score
0.028EPSS
PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.
5.3CVSS
5.4AI Score
0.0004EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) ...
5.7AI Score
0.008EPSS
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
9.8CVSS
9.3AI Score
0.883EPSS
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
8.3AI Score
0.002EPSS
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and ...
8.8CVSS
8.9AI Score
0.013EPSS