Vendor CVEs
Debian
All CVEs
3,338 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-0138 | 0.00 | — | 0.05 | Apr 15, 2014 | The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a… | |||
| CVE-2013-5705 | 0.00 | — | 0.03 | Apr 15, 2014 | apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. | |||
| CVE-2014-2851 | 0.00 | — | 0.01 | Apr 14, 2014 | Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed… | |||
| CVE-2014-0159 | 0.00 | — | 0.02 | Apr 14, 2014 | Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. | |||
| CVE-2014-1716 | 0.00 | — | 0.02 | Apr 9, 2014 | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | |||
| CVE-2014-2326 | 0.00 | — | 0.03 | Mar 27, 2014 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-7345 | 0.00 | — | 0.03 | Mar 24, 2014 | The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers… | |||
| CVE-2014-1609 | 0.00 | — | 0.03 | Mar 20, 2014 | Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in… | |||
| CVE-2014-1608 | 0.00 | — | 0.03 | Mar 18, 2014 | SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. | |||
| CVE-2014-1705 | 0.00 | — | 0.06 | Mar 16, 2014 | Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2014-2270 | 0.00 | — | 0.04 | Mar 14, 2014 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | |||
| CVE-2013-6476 | 0.00 | — | 0.00 | Mar 14, 2014 | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||
| CVE-2013-6475 | 0.00 | — | 0.03 | Mar 14, 2014 | Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. | |||
| CVE-2013-6474 | 0.00 | — | 0.03 | Mar 14, 2014 | Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2013-6668 | 0.00 | — | 0.05 | Mar 5, 2014 | Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2011-3634 | 0.00 | — | 0.01 | Mar 1, 2014 | methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors. | |||
| CVE-2013-4590 | 0.00 | — | 0.09 | Feb 26, 2014 | Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an… | |||
| CVE-2014-1943 | 0.00 | — | 0.05 | Feb 18, 2014 | Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | |||
| CVE-2014-1491 | 0.00 | — | 0.05 | Feb 6, 2014 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes… | |||
| CVE-2014-1490 | 0.00 | — | 0.04 | Feb 6, 2014 | Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service… | |||
| CVE-2014-1833 | 0.00 | — | 0.04 | Feb 5, 2014 | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | |||
| CVE-2013-6650 | 0.00 | — | 0.02 | Jan 28, 2014 | The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that… | |||
| CVE-2013-6649 | 0.00 | — | 0.01 | Jan 28, 2014 | Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors… | |||
| CVE-2014-1640 | 0.00 | — | 0.00 | Jan 28, 2014 | axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename. | |||
| CVE-2014-1639 | 0.00 | — | 0.00 | Jan 28, 2014 | syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new… | |||
| CVE-2014-1638 | 0.00 | — | 0.00 | Jan 28, 2014 | (1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink… | |||
| CVE-2013-0339 | 0.00 | — | 0.04 | Jan 21, 2014 | libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests… | |||
| CVE-2013-6425 | 0.00 | — | 0.03 | Jan 18, 2014 | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||
| CVE-2013-6424 | 0.00 | — | 0.03 | Jan 18, 2014 | Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||
| CVE-2013-6646 | 0.00 | — | 0.02 | Jan 16, 2014 | Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the… | |||
| CVE-2013-6645 | 0.00 | — | 0.01 | Jan 16, 2014 | Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a… | |||
| CVE-2013-6644 | 0.00 | — | 0.02 | Jan 16, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2013-6643 | 0.00 | — | 0.01 | Jan 16, 2014 | The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by… | |||
| CVE-2014-0437 | 0.00 | — | 0.03 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2014-0420 | 0.00 | — | 0.04 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication. | |||
| CVE-2014-0412 | 0.00 | — | 0.03 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||
| CVE-2014-0402 | 0.00 | — | 0.03 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking. | |||
| CVE-2014-0401 | 0.00 | — | 0.04 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2014-0393 | 0.00 | — | 0.03 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB. | |||
| CVE-2014-0386 | 0.00 | — | 0.03 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2013-5908 | 0.00 | — | 0.05 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. | |||
| CVE-2013-5891 | 0.00 | — | 0.04 | Jan 15, 2014 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | |||
| CVE-2013-4969 | 0.00 | — | 0.00 | Jan 7, 2014 | Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files. | |||
| CVE-2013-6888 | 0.00 | — | 0.04 | Jan 7, 2014 | Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. | |||
| CVE-2013-6422 | 0.00 | — | 0.03 | Dec 23, 2013 | The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct… | |||
| CVE-2013-7085 | 0.00 | — | 0.02 | Dec 14, 2013 | Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename. | |||
| CVE-2013-7050 | 0.00 | — | 0.02 | Dec 13, 2013 | The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name. | |||
| CVE-2013-7020 | 0.00 | — | 0.02 | Dec 9, 2013 | The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via… | |||
| CVE-2013-0858 | 0.00 | — | 0.03 | Dec 7, 2013 | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. | |||
| CVE-2013-6410 | 0.00 | — | 0.03 | Dec 7, 2013 | nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file. |
- CVE-2014-0138Apr 15, 2014risk 0.00cvss —epss 0.05
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a…
- CVE-2013-5705Apr 15, 2014risk 0.00cvss —epss 0.03
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
- CVE-2014-2851Apr 14, 2014risk 0.00cvss —epss 0.01
Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed…
- CVE-2014-0159Apr 14, 2014risk 0.00cvss —epss 0.02
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
- CVE-2014-1716Apr 9, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
- CVE-2014-2326Mar 27, 2014risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-7345Mar 24, 2014risk 0.00cvss —epss 0.03
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers…
- CVE-2014-1609Mar 20, 2014risk 0.00cvss —epss 0.03
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in…
- CVE-2014-1608Mar 18, 2014risk 0.00cvss —epss 0.03
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
- CVE-2014-1705Mar 16, 2014risk 0.00cvss —epss 0.06
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2014-2270Mar 14, 2014risk 0.00cvss —epss 0.04
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
- CVE-2013-6476Mar 14, 2014risk 0.00cvss —epss 0.00
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
- CVE-2013-6475Mar 14, 2014risk 0.00cvss —epss 0.03
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
- CVE-2013-6474Mar 14, 2014risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2013-6668Mar 5, 2014risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2011-3634Mar 1, 2014risk 0.00cvss —epss 0.01
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
- CVE-2013-4590Feb 26, 2014risk 0.00cvss —epss 0.09
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an…
- CVE-2014-1943Feb 18, 2014risk 0.00cvss —epss 0.05
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
- CVE-2014-1491Feb 6, 2014risk 0.00cvss —epss 0.05
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes…
- CVE-2014-1490Feb 6, 2014risk 0.00cvss —epss 0.04
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service…
- CVE-2014-1833Feb 5, 2014risk 0.00cvss —epss 0.04
Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.
- CVE-2013-6650Jan 28, 2014risk 0.00cvss —epss 0.02
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that…
- CVE-2013-6649Jan 28, 2014risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors…
- CVE-2014-1640Jan 28, 2014risk 0.00cvss —epss 0.00
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
- CVE-2014-1639Jan 28, 2014risk 0.00cvss —epss 0.00
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new…
- CVE-2014-1638Jan 28, 2014risk 0.00cvss —epss 0.00
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink…
- CVE-2013-0339Jan 21, 2014risk 0.00cvss —epss 0.04
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests…
- CVE-2013-6425Jan 18, 2014risk 0.00cvss —epss 0.03
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
- CVE-2013-6424Jan 18, 2014risk 0.00cvss —epss 0.03
Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
- CVE-2013-6646Jan 16, 2014risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the…
- CVE-2013-6645Jan 16, 2014risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a…
- CVE-2013-6644Jan 16, 2014risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2013-6643Jan 16, 2014risk 0.00cvss —epss 0.01
The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by…
- CVE-2014-0437Jan 15, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2014-0420Jan 15, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
- CVE-2014-0412Jan 15, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
- CVE-2014-0402Jan 15, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
- CVE-2014-0401Jan 15, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
- CVE-2014-0393Jan 15, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
- CVE-2014-0386Jan 15, 2014risk 0.00cvss —epss 0.03
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
- CVE-2013-5908Jan 15, 2014risk 0.00cvss —epss 0.05
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
- CVE-2013-5891Jan 15, 2014risk 0.00cvss —epss 0.04
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
- CVE-2013-4969Jan 7, 2014risk 0.00cvss —epss 0.00
Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) before 2.8.4 and 3.1 before 3.1.1 allows local users to overwrite arbitrary files via a symlink attack on unspecified files.
- CVE-2013-6888Jan 7, 2014risk 0.00cvss —epss 0.04
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
- CVE-2013-6422Dec 23, 2013risk 0.00cvss —epss 0.03
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct…
- CVE-2013-7085Dec 14, 2013risk 0.00cvss —epss 0.02
Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.
- CVE-2013-7050Dec 13, 2013risk 0.00cvss —epss 0.02
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
- CVE-2013-7020Dec 9, 2013risk 0.00cvss —epss 0.02
The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via…
- CVE-2013-0858Dec 7, 2013risk 0.00cvss —epss 0.03
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
- CVE-2013-6410Dec 7, 2013risk 0.00cvss —epss 0.03
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file.
Page 54 of 67