Vulnerabilities > Debian > Debian Linux > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2015-1877 | Command Injection vulnerability in multiple products The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | 8.8 |
| 2020-01-27 | CVE-2015-0294 | Improper Certificate Validation vulnerability in multiple products GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | 7.5 |
| 2020-01-27 | CVE-2015-0244 | SQL Injection vulnerability in multiple products PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | 9.8 |
| 2020-01-27 | CVE-2015-0243 | Classic Buffer Overflow vulnerability in multiple products Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | 8.8 |
| 2020-01-27 | CVE-2015-0242 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | 8.8 |
| 2020-01-27 | CVE-2015-0241 | Classic Buffer Overflow vulnerability in multiple products The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | 8.8 |
| 2020-01-27 | CVE-2014-8161 | Information Exposure Through an Error Message vulnerability in multiple products PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message. | 4.3 |
| 2020-01-24 | CVE-2014-4172 | Injection vulnerability in multiple products A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | 9.8 |
| 2020-01-14 | CVE-2014-7844 | Injection vulnerability in multiple products BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | 7.8 |
| 2019-12-31 | CVE-2013-4357 | Classic Buffer Overflow vulnerability in multiple products The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. | 7.5 |