linux
by Debian
CVEs (3,015)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2788 | | | 0.00 | — | 0.04 | | Apr 14, 2015 | Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. |
| CVE-2015-2782 | | | 0.00 | — | 0.06 | | Apr 8, 2015 | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. |
| CVE-2015-2756 | | | 0.00 | — | 0.00 | | Apr 1, 2015 | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express… |
| CVE-2014-9713 | | | 0.00 | — | 0.02 | | Apr 1, 2015 | The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. |
| CVE-2015-2776 | | | 0.00 | — | 0.02 | | Mar 31, 2015 | The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. |
| CVE-2015-2754 | | | 0.00 | — | 0.03 | | Mar 31, 2015 | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." |
| CVE-2015-2753 | | | 0.00 | — | 0.03 | | Mar 31, 2015 | FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. |
| CVE-2015-2684 | | | 0.00 | — | 0.02 | | Mar 31, 2015 | Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. |
| CVE-2015-0838 | | | 0.00 | — | 0.03 | | Mar 31, 2015 | Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. |
| CVE-2014-9706 | | | 0.00 | — | 0.05 | | Mar 31, 2015 | The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree. |
| CVE-2014-9653 | | | 0.00 | — | 0.05 | | Mar 30, 2015 | readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service… |
| CVE-2015-2157 | | | 0.00 | — | 0.01 | | Mar 27, 2015 | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. |
| CVE-2015-2559 | | | 0.00 | — | 0.02 | | Mar 25, 2015 | Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. |
| CVE-2015-2317 | | | 0.00 | — | 0.05 | | Mar 25, 2015 | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as… |
| CVE-2015-0252 | | | 0.00 | — | 0.40 | | Mar 24, 2015 | internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. |
| CVE-2015-1803 | | | 0.00 | — | 0.05 | | Mar 20, 2015 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and… |
| CVE-2015-1421 | | | 0.00 | — | 0.10 | | Mar 16, 2015 | Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision… |
| CVE-2015-1420 | | | 0.00 | — | 0.00 | | Mar 16, 2015 | Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the… |
| CVE-2014-8159 | | | 0.00 | — | 0.00 | | Mar 16, 2015 | The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and… |
| CVE-2015-1782 | | | 0.00 | — | 0.04 | | Mar 13, 2015 | The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. |