Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-08 | CVE-2015-8767 | Race Condition vulnerability in multiple products net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | 6.2 |
| 2016-02-08 | CVE-2015-7513 | Divide By Zero vulnerability in multiple products arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | 6.5 |
| 2016-02-01 | CVE-2015-8783 | Out-of-bounds Read vulnerability in multiple products tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | 6.5 |
| 2016-02-01 | CVE-2015-8782 | Out-of-bounds Write vulnerability in multiple products tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | 6.5 |
| 2016-02-01 | CVE-2015-8781 | Out-of-bounds Write vulnerability in multiple products tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782. | 6.5 |
| 2016-01-29 | CVE-2016-0755 | Improper Authentication vulnerability in multiple products The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | 7.3 |
| 2016-01-27 | CVE-2016-2047 | 7PK - Security Features vulnerability in multiple products The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | 5.9 |
| 2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | 7.7 |
| 2016-01-22 | CVE-2016-1572 | Improper Privilege Management vulnerability in multiple products mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | 8.4 |
| 2016-01-19 | CVE-2015-6831 | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. | 7.3 |