Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-01-21 | CVE-2015-0412 | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | 7.2 |
2015-01-21 | CVE-2015-0411 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | 7.5 |
2015-01-06 | CVE-2014-7209 | Command Injection vulnerability in Debian Mime-Support run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2014-12-31 | CVE-2014-8145 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function. | 7.5 |
2014-12-16 | CVE-2014-9057 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2014-12-15 | CVE-2014-6052 | Improper Input Validation vulnerability in multiple products The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. | 7.5 |
2014-12-09 | CVE-2014-9274 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | 7.5 |
2014-12-05 | CVE-2014-8990 | Command Injection vulnerability in multiple products default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | 7.5 |
2014-11-28 | CVE-2014-9089 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. | 7.5 |
2014-11-26 | CVE-2014-9093 | Improper Input Validation vulnerability in multiple products LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file. | 7.5 |