Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-23 CVE-2016-7966 Code Injection vulnerability in multiple products
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer.
network
low complexity
kde debian fedoraproject suse CWE-94
7.3
2016-12-09 CVE-2016-5424 Code Injection vulnerability in multiple products
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
network
high complexity
debian postgresql CWE-94
7.1
2016-12-09 CVE-2016-5423 NULL Pointer Dereference vulnerability in multiple products
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
network
low complexity
debian postgresql CWE-476
8.3
2016-11-23 CVE-2016-1248 Improper Input Validation vulnerability in multiple products
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
local
low complexity
vim debian CWE-20
7.8
2016-11-10 CVE-2016-5195 Race Condition vulnerability in multiple products
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
7.0
2016-11-04 CVE-2016-9190 Improper Access Control vulnerability in multiple products
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
local
low complexity
python debian CWE-284
7.8
2016-11-02 CVE-2016-8864 Reachable Assertion vulnerability in multiple products
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
network
low complexity
isc netapp redhat debian CWE-617
7.5
2016-10-05 CVE-2016-1246 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
network
low complexity
dbd-mysql-project debian CWE-119
7.5
2016-10-03 CVE-2016-7401 7PK - Security Features vulnerability in multiple products
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
network
low complexity
canonical djangoproject debian CWE-254
7.5
2016-10-03 CVE-2016-1244 Improper Input Validation vulnerability in multiple products
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
network
low complexity
unadf-project debian CWE-20
8.8