Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-01-28 CVE-2017-5205 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5204 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5203 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-28 CVE-2017-5202 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8
2017-01-27 CVE-2016-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9635 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-27 CVE-2016-9634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
network
low complexity
gstreamer redhat debian CWE-119
critical
9.8
2017-01-24 CVE-2016-10160 Off-by-one Error vulnerability in multiple products
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
network
low complexity
php netapp debian CWE-193
critical
9.8
2017-01-13 CVE-2016-2090 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
network
low complexity
fedoraproject freedesktop debian canonical CWE-119
critical
9.8
2016-12-16 CVE-2013-1430 Credentials Management vulnerability in multiple products
An issue was discovered in xrdp before 0.9.1.
network
low complexity
neutrinolabs debian CWE-255
critical
9.8