Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2015-07-14 CVE-2015-5143 Resource Management Errors vulnerability in multiple products
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.
network
low complexity
djangoproject debian oracle canonical CWE-399
7.8
2015-07-14 CVE-2015-3279 Numeric Errors vulnerability in multiple products
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
network
low complexity
linuxfoundation canonical debian CWE-189
7.5
2015-05-29 CVE-2015-4047 NULL Pointer Dereference vulnerability in multiple products
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
7.8
2015-05-14 CVE-2015-3427 SQL Injection vulnerability in multiple products
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message.
network
low complexity
quassel-irc debian CWE-89
7.5
2015-04-24 CVE-2015-3416 Integer Overflow or Wraparound vulnerability in multiple products
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
network
low complexity
canonical sqlite debian apple php CWE-190
7.5
2015-04-24 CVE-2015-3415 Improper Resource Shutdown or Release vulnerability in multiple products
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
network
low complexity
apple debian canonical sqlite php CWE-404
7.5
2015-04-24 CVE-2015-3414 Use of Uninitialized Resource vulnerability in multiple products
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
network
low complexity
sqlite apple debian canonical php CWE-908
7.5
2015-04-24 CVE-2015-3145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
7.5
2015-04-19 CVE-2015-3333 Security vulnerability in Google V8
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
google debian canonical
7.5
2015-04-16 CVE-2013-7439 Numeric Errors vulnerability in multiple products
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow.
network
low complexity
x-org canonical debian CWE-189
7.5