Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-24 | CVE-2015-3414 | Use of Uninitialized Resource vulnerability in multiple products SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. | 7.5 |
| 2015-04-24 | CVE-2015-3310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. | 4.3 |
| 2015-04-24 | CVE-2015-3148 | Improper Access Control vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | 5.0 |
| 2015-04-24 | CVE-2015-3145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | 7.5 |
| 2015-04-24 | CVE-2015-3144 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." The previous CVSS assessment 7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) was provided at the time of initial analysis based on the best available published information at that time. | 9.0 |
| 2015-04-24 | CVE-2015-3143 | Permissions, Privileges, and Access Controls vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | 5.0 |
| 2015-04-19 | CVE-2015-3336 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. | 4.3 |
| 2015-04-19 | CVE-2015-3334 | Code vulnerability in Google Chrome browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. | 4.3 |
| 2015-04-19 | CVE-2015-3333 | Security vulnerability in Google V8 Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
| 2015-04-16 | CVE-2015-2575 | Remote Security vulnerability in Oracle MySQL Connectors Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | 4.9 |