Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-09 CVE-2016-2147 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
network
low complexity
busybox debian canonical CWE-190
7.5
2017-02-06 CVE-2016-7800 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
network
low complexity
graphicsmagick opensuse debian CWE-191
7.5
2017-02-06 CVE-2016-7449 Out-of-bounds Read vulnerability in multiple products
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
network
low complexity
graphicsmagick debian opensuse CWE-125
7.5
2017-02-06 CVE-2016-7448 Resource Management Errors vulnerability in multiple products
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
network
low complexity
graphicsmagick debian opensuse CWE-399
7.5
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-01-30 CVE-2016-7798 Inadequate Encryption Strength vulnerability in multiple products
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
network
low complexity
ruby-lang debian CWE-326
7.5
2017-01-30 CVE-2016-9939 Improper Input Validation vulnerability in multiple products
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine.
network
low complexity
cryptopp debian CWE-20
7.5
2017-01-27 CVE-2016-9453 Out-of-bounds Write vulnerability in multiple products
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
local
low complexity
libtiff opensuse debian CWE-787
7.8
2017-01-27 CVE-2016-10002 Information Exposure vulnerability in multiple products
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients.
network
low complexity
debian squid-cache CWE-200
7.5
2017-01-24 CVE-2016-10159 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
network
low complexity
php debian CWE-190
7.5