Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2014-08-14 CVE-2014-4343 Double Free vulnerability in multiple products
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
network
high complexity
debian mit redhat CWE-415
7.6
2014-06-05 CVE-2014-3468 Incorrect Calculation of Buffer Size vulnerability in multiple products
The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.
network
low complexity
gnu redhat debian suse f5 CWE-131
7.5
2014-05-14 CVE-2014-3127 Path Traversal vulnerability in Debian Dpkg
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package.
network
high complexity
debian CWE-22
7.1
2014-04-30 CVE-2014-1532 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
7.5
2014-04-30 CVE-2014-1524 Classic Buffer Overflow vulnerability in multiple products
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
7.5
2014-04-23 CVE-2014-2709 Security vulnerability in Cacti 'rrd.php'
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
network
low complexity
cacti debian
7.5
2014-04-16 CVE-2014-2427 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
network
low complexity
canonical oracle debian
7.5
2014-04-16 CVE-2014-2423 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.
network
low complexity
canonical oracle debian
7.5
2014-04-16 CVE-2014-2414 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
network
low complexity
canonical oracle debian
7.5
2014-04-16 CVE-2014-2412 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.
network
low complexity
canonical oracle debian
7.5