Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-15 | CVE-2014-0386 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
| 2014-01-15 | CVE-2013-5891 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. | 4.0 |
| 2013-12-23 | CVE-2013-6890 | Improper Authentication vulnerability in multiple products denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | 5.0 |
| 2013-12-23 | CVE-2013-6422 | Improper Input Validation vulnerability in multiple products The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | 4.0 |
| 2013-12-09 | CVE-2013-7020 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | 6.8 |
| 2013-11-20 | CVE-2013-4560 | USE After Free vulnerability in multiple products Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures. | 5.0 |
| 2013-11-18 | CVE-2013-1418 | Null Pointer Dereference vulnerability in multiple products The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | 4.3 |
| 2013-11-13 | CVE-2013-4475 | Permissions, Privileges, and Access Controls vulnerability in multiple products Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS). | 4.0 |
| 2013-11-08 | CVE-2013-4508 | Inadequate Encryption Strength vulnerability in multiple products lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network. | 4.3 |
| 2013-11-05 | CVE-2013-4135 | Cryptographic Issues vulnerability in multiple products The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |