Vulnerabilities > Debian > Debian Linux > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-1659 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
debian suse opensuse canonical google
critical
9.8
2016-04-13 CVE-2016-2054 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.
network
low complexity
debian xymon CWE-119
critical
9.8
2016-04-11 CVE-2015-8710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
network
low complexity
xmlsoft debian CWE-119
critical
9.8
2016-04-11 CVE-2016-2385 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
network
low complexity
debian kamailio CWE-119
critical
9.8
2016-04-08 CVE-2016-3153 Code Injection vulnerability in multiple products
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
network
low complexity
debian spip CWE-94
critical
9.8
2016-04-07 CVE-2016-2851 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
network
low complexity
debian opensuse cypherpunks CWE-119
critical
9.8
2016-03-03 CVE-2016-0705 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
network
low complexity
oracle openssl google canonical debian
critical
9.8
2016-02-21 CVE-2016-1629 Permissions, Privileges, and Access Controls vulnerability in multiple products
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
network
low complexity
google novell opensuse debian CWE-264
critical
9.8
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
critical
9.8
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0