Debian Linux vulnerabilities (vendor: Debian)

DATE | CVE | VULNERABILITY TITLE | RISK

2016-04-12 | CVE-2016-1568 | Use After Free vulnerability in multiple products
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
local | low complexity | qemu redhat debian CWE-416 | 8.8

2016-04-11 | CVE-2015-8710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
network | low complexity | xmlsoft debian CWE-119 | 7.5

2016-04-11 | CVE-2016-2385 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
network | low complexity | debian kamailio CWE-119 | critical | 10.0

2016-04-11 | CVE-2016-1235 | Permissions, Privileges, and Access Controls vulnerability in multiple products
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
network | low complexity | oar-project debian CWE-264 | critical | 9.0

2016-04-11 | CVE-2012-6700 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
network | low complexity | debian dhcpcd-project CWE-119 | 5.0

2016-04-11 | CVE-2012-6699 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
network | low complexity | debian dhcpcd-project CWE-119 | 5.0

2016-04-11 | CVE-2012-6698 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
network | low complexity | debian dhcpcd-project CWE-119 | 5.0

2016-04-08 | CVE-2016-2381 | Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network | low complexity | perl debian oracle opensuse canonical CWE-20 | 5.0

2016-04-08 | CVE-2016-3153 | Code Injection vulnerability in multiple products
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
network | low complexity | debian spip CWE-94 | 7.5

2016-04-07 | CVE-2016-2851 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
network | low complexity | debian opensuse cypherpunks CWE-119 | 7.5