Filtered by vendor Debian Subscriptions
Filtered by product Debian Linux Subscriptions
Total 9084 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-2016 3 Debian, Novell, Qemu 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more 2024-11-21 7.8 High
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
CVE-2013-2012 2 Autojump Project, Debian 2 Autojump, Debian Linux 2024-11-21 7.3 High
autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.
CVE-2013-1951 3 Debian, Linux, Mediawiki 3 Debian Linux, Linux Kernel, Mediawiki 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.
CVE-2013-1934 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
CVE-2013-1915 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Opensuse and 1 more 2024-11-21 N/A
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
CVE-2013-1910 2 Baseurl, Debian 2 Yum, Debian Linux 2024-11-21 9.8 Critical
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.
CVE-2013-1861 7 Canonical, Debian, Mariadb and 4 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2024-11-21 N/A
MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
CVE-2013-1817 4 Debian, Fedoraproject, Mediawiki and 1 more 4 Debian Linux, Fedora, Mediawiki and 1 more 2024-11-21 7.5 High
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
CVE-2013-1816 4 Debian, Fedoraproject, Mediawiki and 1 more 4 Debian Linux, Fedora, Mediawiki and 1 more 2024-11-21 7.5 High
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
CVE-2013-1811 2 Debian, Mantisbt 2 Debian Linux, Mantisbt 2024-11-21 4.3 Medium
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".
CVE-2013-1809 2 Debian, Gambas Project 2 Debian Linux, Gambas 2024-11-21 7.5 High
Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.
CVE-2013-1430 2 Debian, Neutrinolabs 2 Debian Linux, Xrdp 2024-11-21 N/A
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.
CVE-2013-1429 2 Canonical, Debian 3 Ubuntu Linux, Debian Linux, Lintian 2024-11-21 6.3 Medium
Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.
CVE-2013-1427 2 Debian, Lighttpd 2 Debian Linux, Lighttpd 2024-11-21 N/A
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
CVE-2013-1425 2 Debian, Ldap Git Backup Project 2 Debian Linux, Ldap Git Backup 2024-11-21 5.5 Medium
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
CVE-2013-1418 4 Debian, Mit, Opensuse and 1 more 4 Debian Linux, Kerberos 5, Opensuse and 1 more 2024-11-21 N/A
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
CVE-2013-0900 5 Apple, Debian, Google and 2 more 5 Mac Os X, Debian Linux, Chrome and 2 more 2024-11-21 N/A
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2013-0858 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 N/A
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels.
CVE-2013-0800 6 Canonical, Debian, Mozilla and 3 more 12 Ubuntu Linux, Debian Linux, Firefox and 9 more 2024-11-21 N/A
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
CVE-2013-0783 5 Canonical, Debian, Mozilla and 2 more 14 Ubuntu Linux, Debian Linux, Firefox and 11 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.