Debian

Debian Linux

9947 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.45%
  • Published 22.06.2015 19:59:00
  • Last modified 12.04.2025 10:46:40

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

  • EPSS 0.44%
  • Published 22.06.2015 19:59:00
  • Last modified 12.04.2025 10:46:40

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

Exploit
  • EPSS 1.53%
  • Published 17.06.2015 18:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

  • EPSS 20.57%
  • Published 15.06.2015 15:59:00
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • EPSS 1.01%
  • Published 10.06.2015 18:59:09
  • Last modified 12.04.2025 10:46:40

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is...

Exploit
  • EPSS 8.13%
  • Published 09.06.2015 14:59:07
  • Last modified 12.04.2025 10:46:40

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

  • EPSS 9.49%
  • Published 07.06.2015 23:59:03
  • Last modified 12.04.2025 10:46:40

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker...

  • EPSS 0.09%
  • Published 03.06.2015 20:59:09
  • Last modified 12.04.2025 10:46:40

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...

Exploit
  • EPSS 2.67%
  • Published 29.05.2015 15:59:19
  • Last modified 12.04.2025 10:46:40

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

  • EPSS 9.71%
  • Published 28.05.2015 14:59:06
  • Last modified 12.04.2025 10:46:40

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the auth...