Debian Linux Security Vulnerabilities and Issues — Debian Linux CVE List

Lucene search

DebianDebian Linux

9 matches found

CVE•added 2011/07/28 6:55 p.m.•288 views

CVE-2011-2688

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

7.5CVSS8.3AI score0.02343EPSS

CVE•added 2011/07/17 8:55 p.m.•92 views

CVE-2011-2690

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and ...

8.8CVSS8.9AI score0.01027EPSS

CVE•added 2011/07/29 8:55 p.m.•86 views

CVE-2011-2522

Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) ...

6.8CVSS5.7AI score0.3021EPSS

CVE•added 2011/07/07 9:55 p.m.•80 views

CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

4.3CVSS6.8AI score0.0151EPSS

CVE•added 2011/07/17 8:55 p.m.•79 views

CVE-2011-2501

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of erro...

6.5CVSS7AI score0.02457EPSS

CVE•added 2011/07/29 8:55 p.m.•77 views

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user f...

2.6CVSS4.7AI score0.03385EPSS

CVE•added 2011/07/17 8:55 p.m.•74 views

CVE-2011-2691

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) v...

6.5CVSS6.8AI score0.03384EPSS

CVE•added 2011/07/11 8:55 p.m.•65 views

CVE-2011-1526

ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FT...

6.5CVSS4.6AI score0.00228EPSS

CVE•added 2011/07/17 8:55 p.m.•65 views

CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ha...

8.8CVSS9.2AI score0.03564EPSS