Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-08 | CVE-2012-6684 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | 4.3 |
| 2014-12-29 | CVE-2014-8132 | Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. | 5.0 |
| 2014-12-18 | CVE-2014-3580 | Remote Denial of Service vulnerability in Apache Subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. | 5.0 |
| 2014-12-16 | CVE-2014-9323 | Null Pointer Dereference vulnerability in multiple products The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. | 5.0 |
| 2014-12-15 | CVE-2014-6053 | Data Processing Errors vulnerability in multiple products The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | 5.0 |
| 2014-12-11 | CVE-2014-8602 | Resource Management Errors vulnerability in multiple products iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | 4.3 |
| 2014-12-10 | CVE-2014-8601 | Resource Management Errors vulnerability in multiple products PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | 5.0 |
| 2014-12-08 | CVE-2014-3616 | Insufficient Session Expiration vulnerability in multiple products nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. | 4.3 |
| 2014-12-03 | CVE-2014-8104 | Resource Management Errors vulnerability in multiple products OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. | 6.8 |
| 2014-12-02 | CVE-2014-9116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | 5.0 |