Debian

Debian Linux

9979 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.34%
  • Published 02.07.2015 21:59:03
  • Last modified 06.05.2026 22:30:45

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's ...

  • EPSS 0.5%
  • Published 22.06.2015 19:59:02
  • Last modified 06.05.2026 22:30:45

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange provide...

  • EPSS 0.45%
  • Published 22.06.2015 19:59:00
  • Last modified 06.05.2026 22:30:45

The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.

  • EPSS 0.44%
  • Published 22.06.2015 19:59:00
  • Last modified 06.05.2026 22:30:45

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

Exploit
  • EPSS 1.53%
  • Published 17.06.2015 18:59:03
  • Last modified 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

  • EPSS 18.02%
  • Published 15.06.2015 15:59:00
  • Last modified 06.05.2026 22:30:45

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • EPSS 1.01%
  • Published 10.06.2015 18:59:09
  • Last modified 06.05.2026 22:30:45

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is...

Exploit
  • EPSS 8.76%
  • Published 09.06.2015 14:59:07
  • Last modified 06.05.2026 22:30:45

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

  • EPSS 9.49%
  • Published 07.06.2015 23:59:03
  • Last modified 06.05.2026 22:30:45

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker...

  • EPSS 0.09%
  • Published 03.06.2015 20:59:09
  • Last modified 06.05.2026 22:30:45

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...