Debian Linux Security Vulnerabilities and Issues — Debian Linux CVE List

Lucene search

DebianDebian Linux

16 matches found

CVE•added 2011/01/03 8:0 p.m.•306 views

CVE-2010-3873

The X.25 implementation in the Linux kernel before 2.6.36.2 does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE data,...

5CVSS7.3AI score0.03368EPSS

CVE•added 2011/01/28 10:0 p.m.•125 views

CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

9.3CVSS6.5AI score0.02024EPSS

CVE•added 2011/01/28 10:0 p.m.•123 views

CVE-2010-3451

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.

9.3CVSS7AI score0.09087EPSS

CVE•added 2011/01/28 10:0 p.m.•123 views

CVE-2010-3454

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC ...

9.3CVSS7AI score0.07017EPSS

CVE•added 2011/01/03 8:0 p.m.•118 views

CVE-2010-3876

net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures.

1.9CVSS5.6AI score0.00058EPSS

CVE•added 2011/01/28 10:0 p.m.•114 views

CVE-2010-3453

The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (appl...

9.3CVSS7AI score0.07674EPSS

CVE•added 2011/01/28 10:0 p.m.•106 views

CVE-2010-3452

9.3CVSS7AI score0.07106EPSS

CVE•added 2011/01/03 8:0 p.m.•105 views

CVE-2010-3875

The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

2.1CVSS5.5AI score0.00073EPSS

CVE•added 2011/01/28 10:0 p.m.•103 views

CVE-2010-4253

Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) d...

9.3CVSS7.1AI score0.05177EPSS

CVE•added 2011/01/03 8:0 p.m.•99 views

CVE-2010-4164

Multiple integer underflows in the x25_parse_facilities function in net/x25/x25_facilities.c in the Linux kernel before 2.6.36.2 allow remote attackers to cause a denial of service (system crash) via malformed X.25 (1) X25_FAC_CLASS_A, (2) X25_FAC_CLASS_B, (3) X25_FAC_CLASS_C, or (4) X25_FAC_CLASS_...

7.8CVSS7AI score0.03368EPSS

CVE•added 2011/01/03 8:0 p.m.•98 views

CVE-2010-3877

The get_name function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure.

1.9CVSS5.5AI score0.00108EPSS

CVE•added 2011/01/14 5:0 p.m.•90 views

CVE-2011-0480

Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a craf...

9.3CVSS7.4AI score0.02234EPSS

CVE•added 2011/01/28 10:0 p.m.•84 views

CVE-2010-3689

soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9CVSS6.2AI score0.00056EPSS

CVE•added 2011/01/14 5:0 p.m.•65 views

CVE-2011-0482

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

4.3CVSS9.2AI score0.0327EPSS

CVE•added 2011/01/20 7:0 p.m.•65 views

CVE-2011-0495

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary ...

6CVSS7.6AI score0.00573EPSS

CVE•added 2011/01/14 5:0 p.m.•47 views

CVE-2011-0474

Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a ...

10CVSS7.3AI score0.02875EPSS