Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8870 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-08-06 | 8.8 High |
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | ||||
CVE-2012-6684 | 2 Debian, Redcloth | 2 Debian Linux, Redcloth Library | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | ||||
CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2024-08-06 | 7.5 High |
gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | ||||
CVE-2012-6123 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2024-08-06 | 6.5 Medium |
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | ||||
CVE-2012-6136 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Enterprise Linux and 4 more | 2024-08-06 | 5.5 Medium |
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes. | ||||
CVE-2012-6075 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-08-06 | N/A |
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | ||||
CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-08-06 | 9.8 Critical |
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | ||||
CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-08-06 | 7.5 High |
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | ||||
CVE-2012-5653 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-08-06 | N/A |
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. | ||||
CVE-2012-5644 | 4 Debian, Fedoraproject, Libuser Project and 1 more | 4 Debian Linux, Fedora, Libuser and 1 more | 2024-08-06 | 5.5 Medium |
libuser has information disclosure when moving user's home directory | ||||
CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2024-08-06 | 7.5 High |
Python keyring lib before 0.10 created keyring files with world-readable permissions. | ||||
CVE-2012-5519 | 3 Apple, Debian, Redhat | 3 Cups, Debian Linux, Enterprise Linux | 2024-08-06 | N/A |
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | ||||
CVE-2012-5521 | 3 Debian, Quagga, Redhat | 3 Debian Linux, Quagga, Enterprise Linux | 2024-08-06 | 6.5 Medium |
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal | ||||
CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-08-06 | 5.5 Medium |
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | ||||
CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-08-06 | 5.5 Medium |
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | ||||
CVE-2012-4929 | 4 Debian, Google, Mozilla and 1 more | 5 Debian Linux, Chrome, Firefox and 2 more | 2024-08-06 | N/A |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
CVE-2012-4576 | 2 Debian, Freebsd | 2 Debian Linux, Freebsd | 2024-08-06 | 7.8 High |
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges | ||||
CVE-2012-4564 | 5 Canonical, Debian, Libtiff and 2 more | 9 Ubuntu Linux, Debian Linux, Libtiff and 6 more | 2024-08-06 | N/A |
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | ||||
CVE-2012-4533 | 2 Debian, Viewvc | 2 Debian Linux, Viewvc | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. | ||||
CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2024-08-06 | N/A |
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. |