Vulnerabilities > Debian > Low

DATE | CVE | VULNERABILITY TITLE | RISK
2013-03-07 CVE-2013-2483 Numeric Errors vulnerability in multiple products
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.
low complexity
wireshark debian opensuse CWE-189
3.3
2013-03-07 CVE-2013-2481 Numeric Errors vulnerability in multiple products
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.
2.9
2013-03-07 CVE-2013-2480 Denial of Service vulnerability in Wireshark RTPS And RTPS2 Dissectors
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
low complexity
debian opensuse wireshark
3.3
2013-03-07 CVE-2013-2478 Numeric Errors vulnerability in multiple products
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.
low complexity
debian opensuse wireshark CWE-189
3.3
2012-12-26 CVE-2012-0961 Information Exposure vulnerability in Debian Advanced Package Tool and APT
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
local
low complexity
debian CWE-200
2.1
2012-10-17 CVE-2012-3197 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
3.5
2012-10-16 CVE-2012-3160 Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
local
low complexity
oracle canonical debian mariadb redhat
2.1
2012-09-15 CVE-2012-4929 Cryptographic Issues vulnerability in multiple products
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
network
high complexity
debian google mozilla CWE-310
2.6
2012-08-27 CVE-2012-1586 Information Exposure vulnerability in Debian Cifs-Utils 2.6
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.
local
low complexity
debian CWE-200
2.1
2012-08-07 CVE-2012-3453 Permissions, Privileges, and Access Controls vulnerability in Debian Logol 1.5.0
logol 1.5.0 uses world-writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.
local
low complexity
debian CWE-264
3.6