Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2011-04-08 CVE-2011-0997 Improper Input Validation vulnerability in multiple products
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
network
low complexity
isc debian canonical CWE-20
7.5
2011-03-25 CVE-2011-1293 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google debian apple CWE-416
7.5
2011-03-25 CVE-2011-1292 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google debian CWE-416
7.5
2011-02-10 CVE-2011-0985 Resource Exhaustion vulnerability in Google Chrome
Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors.
network
low complexity
google debian CWE-400
7.5
2011-02-10 CVE-2011-0983 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google apple debian CWE-20
7.5
2011-02-10 CVE-2011-0981 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google apple debian CWE-20
7.5
2010-12-22 CVE-2010-4578 Multiple Security vulnerability in Google Chrome and Chrome OS
Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale pointers."
network
low complexity
google debian
7.5
2010-12-22 CVE-2010-4577 Type Confusion vulnerability in multiple products
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
network
low complexity
webkitgtk google fedoraproject debian CWE-843
7.5
2010-12-14 CVE-2010-4345 Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
local
low complexity
exim opensuse debian canonical
7.8
2010-12-07 CVE-2010-4494 Double Free vulnerability in Google Chrome
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
7.5