Debian Linux Security Vulnerabilities and Issues — Debian Linux CVE List

Lucene search

DebianDebian Linux

9 matches found

CVE•added 2015/06/07 11:59 p.m.•184 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

5CVSS6.4AI score0.09321EPSS

CVE•added 2015/06/15 3:59 p.m.•112 views

CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

7.5CVSS6.5AI score0.04545EPSS

CVE•added 2015/06/17 6:59 p.m.•109 views

CVE-2015-3429

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

4.3CVSS5.6AI score0.01531EPSS

CVE•added 2015/06/09 2:59 p.m.•101 views

CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

10CVSS7AI score0.0712EPSS

CVE•added 2015/06/03 8:59 p.m.•85 views

CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

4.6CVSS7.6AI score0.00085EPSS

CVE•added 2015/06/10 6:59 p.m.•75 views

CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain ...

2.6CVSS7.5AI score0.01012EPSS

CVE•added 2015/06/22 7:59 p.m.•70 views

CVE-2015-3231

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

4CVSS5.9AI score0.00452EPSS

CVE•added 2015/06/22 7:59 p.m.•67 views

CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.

4.3CVSS6.4AI score0.00498EPSS

CVE•added 2015/06/22 7:59 p.m.•55 views

CVE-2015-3232

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

5.8CVSS6.4AI score0.00443EPSS