Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-03-19 CVE-2014-1493 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical debian redhat suse opensuse CWE-119
critical
10.0
2014-02-06 CVE-2014-1486 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
network
low complexity
mozilla fedoraproject opensuse suse debian canonical redhat CWE-416
critical
9.8
2014-02-06 CVE-2014-1477 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical debian redhat fedoraproject opensuse suse
critical
9.8
2013-11-18 CVE-2013-6632 Numeric Errors vulnerability in Google Chrome
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
network
google debian CWE-189
critical
9.3
2013-03-19 CVE-2013-0251 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Debian Latd
Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.
network
low complexity
debian CWE-119
critical
10.0
2013-03-14 CVE-2013-1049 Buffer Errors vulnerability in Debian Cfingerd 1.4.33
Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.
network
low complexity
debian CWE-119
critical
10.0
2013-02-13 CVE-2012-3363 XXE vulnerability in multiple products
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
network
low complexity
zend fedoraproject debian CWE-611
critical
9.1
2012-11-24 CVE-2012-2239 XXE vulnerability in multiple products
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
network
low complexity
mahara debian CWE-611
critical
9.1
2012-10-17 CVE-2012-3163 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
network
low complexity
oracle mariadb canonical debian redhat f5
critical
9.0
2012-08-17 CVE-2012-2750 Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533.
network
low complexity
oracle mariadb debian
critical
10.0