CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Debian : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-7696 119 DoS Exec Code Overflow 2015-11-06 2015-11-09
6.8
None Remote Medium Not required Partial Partial Partial
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
2 CVE-2015-5214 119 DoS Exec Code Overflow Mem. Corr. 2015-11-10 2015-11-12
6.8
None Remote Medium Not required Partial Partial Partial
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
3 CVE-2015-5213 189 DoS Exec Code Overflow Mem. Corr. 2015-11-10 2015-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
4 CVE-2015-5212 189 DoS Exec Code Mem. Corr. 2015-11-10 2015-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
5 CVE-2015-3439 79 Exec Code XSS 2015-08-05 2015-09-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
6 CVE-2015-3279 189 DoS Exec Code Overflow 2015-07-14 2015-07-14
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
7 CVE-2015-3258 119 DoS Exec Code Overflow 2015-07-14 2015-07-14
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
8 CVE-2015-2754 20 DoS Exec Code 2015-03-31 2015-04-01
6.8
None Remote Medium Not required Partial Partial Partial
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF."
9 CVE-2015-2753 20 DoS Exec Code 2015-03-31 2015-04-01
6.8
None Remote Medium Not required Partial Partial Partial
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook.
10 CVE-2015-2724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2015-09-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11 CVE-2015-2331 189 DoS Exec Code Overflow 2015-03-30 2015-10-09
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
12 CVE-2015-2305 189 Exec Code Overflow 2015-03-30 2015-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
13 CVE-2015-2151 264 DoS Exec Code Mem. Corr. +Info 2015-03-12 2015-03-25
7.2
None Local Low Not required Complete Complete Complete
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
14 CVE-2015-1822 17 DoS Exec Code 2015-04-16 2015-04-17
6.5
None Remote Low Single system Partial Partial Partial
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
15 CVE-2015-1821 119 DoS Exec Code Overflow 2015-04-16 2015-04-17
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
16 CVE-2015-1803 DoS Exec Code 2015-03-20 2015-07-16
8.5
None Remote Medium Single system Complete Complete Complete
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.
17 CVE-2015-1592 74 Exec Code 2015-02-19 2015-11-19
7.5
None Remote Low Not required Partial Partial Partial
Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.
18 CVE-2015-1572 119 Exec Code Overflow 2015-02-24 2015-03-31
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
19 CVE-2015-1274 254 Exec Code 2015-07-22 2015-11-24
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
20 CVE-2015-0860 189 Exec Code Overflow 2015-12-03 2015-12-04
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
21 CVE-2015-0859 17 Exec Code 2015-12-03 2015-12-04
7.5
None Remote Low Not required Partial Partial Partial
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
22 CVE-2015-0838 119 Exec Code Overflow 2015-03-31 2015-03-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file.
23 CVE-2015-0247 119 Exec Code Overflow 2015-02-17 2015-09-10
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
24 CVE-2014-9706 19 Exec Code 2015-03-31 2015-04-14
7.5
None Remote Low Not required Partial Partial Partial
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
25 CVE-2014-9273 119 Exec Code Overflow +Priv 2014-12-08 2015-08-25
4.6
User Local Low Not required Partial Partial Partial
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
26 CVE-2014-9089 89 Exec Code Sql 2014-11-28 2015-10-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
27 CVE-2014-9057 89 Exec Code Sql 2014-12-16 2015-11-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2014-8625 134 DoS Exec Code 2015-01-20 2015-01-22
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
29 CVE-2014-8158 119 DoS Exec Code Overflow 2015-01-26 2015-04-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
30 CVE-2014-8157 189 DoS Exec Code Overflow 2015-01-26 2015-04-02
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
31 CVE-2014-8102 119 DoS Exec Code Overflow 2014-12-10 2015-07-16
6.5
None Remote Low Single system Partial Partial Partial
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
32 CVE-2014-8098 119 DoS Exec Code Overflow 2014-12-10 2015-07-16
6.5
None Remote Low Single system Partial Partial Partial
The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.
33 CVE-2014-8095 119 DoS Exec Code Overflow 2014-12-10 2015-07-16
6.5
None Remote Low Single system Partial Partial Partial
The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.
34 CVE-2014-8094 DoS Exec Code Overflow 2014-12-10 2015-04-09
6.5
None Remote Low Single system Partial Partial Partial
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.
35 CVE-2014-7817 20 Exec Code 2014-11-24 2015-03-17
4.6
None Local Low Not required Partial Partial Partial
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
36 CVE-2014-7209 77 Exec Code 2015-01-06 2015-01-06
7.5
None Remote Low Not required Partial Partial Partial
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
37 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2014-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
38 CVE-2014-3686 20 Exec Code 2014-10-15 2015-04-09
6.8
None Remote Medium Not required Partial Partial Partial
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
39 CVE-2014-3564 119 DoS Exec Code Overflow 2014-10-20 2015-01-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
40 CVE-2014-1609 89 Exec Code Sql 2014-03-20 2015-11-27
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.
41 CVE-2014-1608 89 Exec Code Sql 2014-03-18 2015-08-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.
42 CVE-2014-0490 20 Exec Code 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
43 CVE-2014-0489 20 Exec Code 2014-11-03 2014-11-04
7.5
None Remote Low Not required Partial Partial Partial
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
44 CVE-2014-0479 94 Exec Code 2014-08-06 2014-08-07
6.8
None Remote Medium Not required Partial Partial Partial
reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.
45 CVE-2014-0469 119 Exec Code Overflow 2014-05-05 2014-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
46 CVE-2013-6475 189 Exec Code Overflow 2014-03-14 2014-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
47 CVE-2013-6474 119 Exec Code Overflow 2014-03-14 2014-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
48 CVE-2013-6435 74 Exec Code 2014-12-16 2015-09-28
7.6
None Remote High Not required Complete Complete Complete
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.
49 CVE-2013-4852 189 DoS Exec Code Overflow 2013-08-19 2015-09-02
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
50 CVE-2013-4565 119 DoS Exec Code Overflow 2014-04-25 2014-04-25
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
Total number of vulnerabilities : 111   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.