Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2015-01-21 CVE-2015-0408 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
network
low complexity
oracle redhat canonical novell debian opensuse
critical
10.0
2015-01-21 CVE-2015-0395 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. 9.3
2015-01-21 CVE-2014-6601 Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
network
low complexity
redhat canonical novell debian opensuse oracle
critical
10.0
2014-09-25 CVE-2014-7169 OS Command Injection vulnerability in multiple products
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
9.8
2014-09-24 CVE-2014-6271 OS Command Injection vulnerability in multiple products
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
9.8
2014-07-17 CVE-2014-2490 Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
network
hp debian oracle
critical
9.3
2014-07-17 CVE-2014-2483 Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223.
network
redhat debian oracle
critical
9.3
2014-05-14 CVE-2014-2405 Remote Security vulnerability in Oracle Openjdk 1.6.0
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.
network
low complexity
oracle canonical debian
critical
10.0
2014-05-14 CVE-2014-0462 Remote Security vulnerability in Oracle Openjdk 1.6.0
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
network
low complexity
oracle canonical debian
critical
10.0
2014-04-30 CVE-2014-1531 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.
9.3