Vulnerabilities > Debian > Debian Linux > 7.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2015-1877 Command Injection vulnerability in multiple products
The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file.
6.8
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
5.0
2020-01-27 CVE-2015-0244 SQL Injection vulnerability in multiple products
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
network
low complexity
postgresql debian CWE-89
7.5
2020-01-27 CVE-2015-0243 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
network
low complexity
postgresql debian CWE-120
6.5
2020-01-27 CVE-2015-0242 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
network
low complexity
postgresql microsoft debian CWE-787
6.5
2020-01-27 CVE-2015-0241 Classic Buffer Overflow vulnerability in multiple products
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
network
low complexity
postgresql debian CWE-120
6.5
2020-01-27 CVE-2014-8161 Information Exposure Through an Error Message vulnerability in multiple products
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
network
low complexity
postgresql debian CWE-209
4.0
2020-01-24 CVE-2014-4172 Injection vulnerability in multiple products
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java.
network
low complexity
apereo debian fedoraproject CWE-74
critical
9.8
2020-01-14 CVE-2014-7844 Injection vulnerability in multiple products
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
local
low complexity
redhat debian bsd-mailx-project CWE-74
7.8
2019-12-31 CVE-2013-4357 Classic Buffer Overflow vulnerability in multiple products
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function.
5.0