Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-22 | CVE-2015-3231 | Information Exposure vulnerability in multiple products The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | 4.0 |
| 2015-06-17 | CVE-2015-3429 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | 4.3 |
| 2015-06-10 | CVE-2015-4171 | Information Exposure vulnerability in multiple products strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. | 2.6 |
| 2015-06-03 | CVE-2015-4106 | Incorrect Authorization vulnerability in multiple products QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | 4.6 |
| 2015-05-29 | CVE-2015-4047 | NULL Pointer Dereference vulnerability in multiple products racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | 7.8 |
| 2015-05-28 | CVE-2015-3165 | Remote Denial Of Service vulnerability in PostgreSQL Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence. | 4.3 |
| 2015-05-27 | CVE-2015-3332 | Resource Management Errors vulnerability in multiple products A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds. | 4.9 |
| 2015-05-21 | CVE-2015-4000 | Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | 3.7 |
| 2015-05-14 | CVE-2015-3427 | SQL Injection vulnerability in multiple products Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. | 7.5 |
| 2015-05-14 | CVE-2015-0971 | Resource Management Errors vulnerability in multiple products The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. | 5.0 |