Filtered by vendor Debian
Subscriptions
Filtered by product Debian Linux
Subscriptions
Total
8870 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4327 | 3 Canonical, Debian, Systemd Project | 3 Ubuntu Linux, Debian Linux, Systemd | 2024-08-06 | N/A |
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-06 | 7.8 High |
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||||
CVE-2013-4357 | 5 Canonical, Debian, Eglibc and 2 more | 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more | 2024-08-06 | 7.5 High |
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | ||||
CVE-2013-4365 | 4 Apache, Debian, Opensuse and 1 more | 6 Http Server, Mod Fcgid, Debian Linux and 3 more | 2024-08-06 | N/A |
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. | ||||
CVE-2013-4234 | 2 Debian, Konstanty Bialkowski | 2 Debian Linux, Libmodplug | 2024-08-06 | N/A |
Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. | ||||
CVE-2013-4243 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-08-06 | N/A |
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image. | ||||
CVE-2013-4232 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-08-06 | N/A |
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. | ||||
CVE-2013-4235 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Shadow, Fedora and 1 more | 2024-08-06 | 4.7 Medium |
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees | ||||
CVE-2013-4242 | 5 Canonical, Debian, Gnupg and 2 more | 6 Ubuntu Linux, Debian Linux, Gnupg and 3 more | 2024-08-06 | N/A |
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. | ||||
CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-08-06 | 7.3 High |
Orca has arbitrary code execution due to insecure Python module load | ||||
CVE-2013-4184 | 2 Data\, Debian | 2 \, Debian Linux | 2024-08-06 | 5.5 Medium |
Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks | ||||
CVE-2013-4168 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-08-06 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | ||||
CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-08-06 | 7.5 High |
kde-workspace before 4.10.5 has a memory leak in plasma desktop | ||||
CVE-2013-4077 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2024-08-06 | N/A |
Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and packet-nbap.c. | ||||
CVE-2013-4158 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-08-06 | 6.1 Medium |
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | ||||
CVE-2013-4075 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-08-06 | N/A |
epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
CVE-2013-4134 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-08-06 | N/A |
OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. | ||||
CVE-2013-4135 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2024-08-06 | N/A |
The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2013-4082 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Opensuse, Wireshark | 2024-08-06 | N/A |
The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted packet. | ||||
CVE-2013-4081 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Enterprise Linux and 1 more | 2024-08-06 | N/A |
The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a recursive approach, which allows remote attackers to cause a denial of service (stack consumption) via a crafted packet. |