Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-10 | CVE-2015-4551 | Information Exposure vulnerability in multiple products LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer. | 4.3 |
| 2015-11-09 | CVE-2015-7295 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface. | 5.0 |
| 2015-11-09 | CVE-2015-2697 | Out-of-bounds Read vulnerability in multiple products The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. | 4.0 |
| 2015-11-09 | CVE-2015-2696 | Source Code vulnerability in multiple products lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. | 7.1 |
| 2015-11-09 | CVE-2015-2695 | Release of Invalid Pointer or Reference vulnerability in multiple products lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. | 5.0 |
| 2015-11-06 | CVE-2015-7762 | Information Exposure vulnerability in multiple products rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a replay attack or (2) sniffing the network. | 5.0 |
| 2015-11-06 | CVE-2015-6855 | Divide By Zero vulnerability in multiple products hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | 5.0 |
| 2015-11-06 | CVE-2015-7697 | Resource Management Errors vulnerability in multiple products Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | 4.3 |
| 2015-11-06 | CVE-2015-7696 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. | 6.8 |
| 2015-11-02 | CVE-2015-8036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. | 6.8 |