Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2015-01-21 CVE-2015-0412
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
local
low complexity
redhat canonical novell debian opensuse oracle
7.2

2015-01-21 CVE-2015-0411
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
7.5

2015-01-06 CVE-2014-7209 Command Injection vulnerability in Debian Mime-Support
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
network
low complexity
debian CWE-77
7.5

2014-12-31 CVE-2014-8145 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.
network
low complexity
sound-exchange-project debian oracle CWE-119
7.5

2014-12-16 CVE-2014-9057 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
debian sixapart CWE-89
7.5

2014-12-15 CVE-2014-6052 Improper Input Validation vulnerability in multiple products
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
network
low complexity
libvncserver oracle debian canonical CWE-20
7.5

2014-12-09 CVE-2014-9274 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
7.5

2014-12-05 CVE-2014-8990 Command Injection vulnerability in multiple products
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
network
low complexity
debian fedoraproject lsyncd-project CWE-77
7.5

2014-11-28 CVE-2014-9089 SQL Injection vulnerability in multiple products
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
network
low complexity
debian mantisbt CWE-89
7.5

2014-11-26 CVE-2014-9093 Improper Input Validation vulnerability in multiple products
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
7.5