Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2016-02-01 CVE-2015-8783 Out-of-bounds Read vulnerability in multiple products
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
network
low complexity
libtiff debian CWE-125
6.5
2016-02-01 CVE-2015-8782 Out-of-bounds Write vulnerability in multiple products
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
network
low complexity
debian libtiff CWE-787
6.5
2016-02-01 CVE-2015-8781 Out-of-bounds Write vulnerability in multiple products
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
network
low complexity
debian libtiff CWE-787
6.5
2016-01-29 CVE-2016-0755 Improper Authentication vulnerability in multiple products
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
network
low complexity
haxx canonical debian CWE-287
7.3
2016-01-27 CVE-2016-2047 7PK - Security Features vulnerability in multiple products
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
5.9
2016-01-26 CVE-2016-1233 Permissions, Privileges, and Access Controls vulnerability in Debian Fuse 2.9.314
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
local
low complexity
debian CWE-264
7.8
2016-01-26 CVE-2015-7974 Improper Authentication vulnerability in multiple products
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
network
low complexity
ntp siemens netapp debian CWE-287
7.7
2016-01-22 CVE-2016-1572 Improper Privilege Management vulnerability in multiple products
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
8.4
2016-01-19 CVE-2015-6831 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.
network
low complexity
php debian CWE-416
7.3
2016-01-14 CVE-2015-8605 Improper Input Validation vulnerability in multiple products
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
low complexity
sophos isc debian canonical CWE-20
6.5