Vulnerabilities > Debian > Debian Linux
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-04-13 | CVE-2015-2775 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. | 7.6 |
2015-04-08 | CVE-2015-2782 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | 7.5 |
2015-04-01 | CVE-2015-2756 | Permissions, Privileges, and Access Controls vulnerability in multiple products: QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | 4.9 |
2015-04-01 | CVE-2014-9713 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | 4.0 |
2015-03-31 | CVE-2015-2776 | Improper Input Validation vulnerability in multiple products: The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | 4.3 |
2015-03-31 | CVE-2015-2754 | Improper Input Validation vulnerability in multiple products: FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | 6.8 |
2015-03-31 | CVE-2015-2753 | Improper Input Validation vulnerability in multiple products: FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | 6.8 |
2015-03-31 | CVE-2015-2684 | Improper Input Validation vulnerability in multiple products: Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | 4.0 |
2015-03-31 | CVE-2015-0838 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | 7.5 |
2015-03-30 | CVE-2015-2305 | Integer Overflow or Wraparound vulnerability in multiple products: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. | 6.8 |