Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-02-10 | CVE-2011-0984 | Out-Of-Bounds Read vulnerability in Google Chrome Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
| 2011-02-04 | CVE-2011-0783 | Unspecified vulnerability in Google Chrome Unspecified vulnerability in Google Chrome before 9.0.597.84 allows user-assisted remote attackers to cause a denial of service (application crash) via vectors involving a "bad volume setting." | 4.3 |
| 2011-02-04 | CVE-2011-0779 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension. | 5.0 |
| 2011-01-28 | CVE-2010-3689 | Path Traversal vulnerability in multiple products soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
| 2011-01-20 | CVE-2011-0495 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Digium Asterisk Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | 6.0 |
| 2011-01-14 | CVE-2011-0482 | Incorrect Type Conversion OR Cast vulnerability in Google Chrome and Chrome OS Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. | 4.3 |
| 2010-12-07 | CVE-2010-4493 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events. | 4.3 |
| 2010-12-06 | CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | 4.3 |
| 2010-11-17 | CVE-2010-4008 | Buffer Errors vulnerability in Google Chrome libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 4.3 |
| 2010-11-06 | CVE-2010-4199 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document. | 6.8 |