Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2012-07-22 | CVE-2012-2751 | ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. | Debian_linux, Opensuse, Http_server, Modsecurity | N/A | ||
2012-08-13 | CVE-2012-3425 | The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. | Ubuntu_linux, Debian_linux, Libpng, Opensuse, Libpng | N/A | ||
2012-09-07 | CVE-2012-4388 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. | Ubuntu_linux, Debian_linux, Php | N/A | ||
2013-02-23 | CVE-2013-0900 | Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2855 | The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2856 | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2857 | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2858 | Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2859 | Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. | Debian_linux, Chrome | N/A | ||
2013-06-05 | CVE-2013-2860 | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | Debian_linux, Chrome | N/A |