Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2012-05-11 CVE-2012-1823 sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
network
low complexity
php fedoraproject debian hp opensuse suse apple redhat
critical
9.8
2012-02-01 CVE-2012-0449 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
network
mozilla debian opensuse suse CWE-119
critical
9.3
2012-02-01 CVE-2012-0444 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
network
low complexity
mozilla debian opensuse suse canonical CWE-119
critical
10.0
2012-02-01 CVE-2012-0442 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla debian opensuse suse
critical
9.3
2011-12-25 CVE-2011-4862 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
10.0
2011-01-28 CVE-2010-3454 Off-by-one Error vulnerability in multiple products
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
network
apache canonical debian CWE-193
critical
9.3
2011-01-28 CVE-2010-3452 Use After Free vulnerability in multiple products
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.
network
apache canonical debian CWE-416
critical
9.3
2011-01-28 CVE-2010-3451 Use After Free vulnerability in multiple products
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.
network
apache canonical debian CWE-416
critical
9.3
2011-01-28 CVE-2010-3450 Path Traversal vulnerability in multiple products
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a ..
network
apache canonical debian CWE-22
critical
9.3
2011-01-14 CVE-2011-0474 Multiple Security vulnerability in Google Chrome
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google debian
critical
10.0