Vulnerabilities > Debian > Debian Linux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-11 | CVE-2016-3712 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | 5.5 |
| 2016-05-11 | CVE-2016-3710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | 8.8 |
| 2016-05-11 | CVE-2016-1236 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | 6.1 |
| 2016-05-10 | CVE-2016-4561 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. | 6.1 |
| 2016-05-09 | CVE-2016-3105 | Improper Access Control vulnerability in multiple products The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | 8.8 |
| 2016-05-06 | CVE-2016-4422 | Improper Authentication vulnerability in multiple products The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | 9.8 |
| 2016-05-06 | CVE-2015-8868 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document. | 7.8 |
| 2016-05-06 | CVE-2015-0858 | Link Following vulnerability in multiple products Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | 3.3 |
| 2016-05-06 | CVE-2015-0857 | Command Injection vulnerability in multiple products Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | 9.8 |
| 2016-05-05 | CVE-2016-3714 | Improper Input Validation vulnerability in multiple products The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | 8.4 |