Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-27 CVE-2016-7045 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
network
low complexity
irssi debian canonical CWE-119
7.5
2016-09-27 CVE-2016-7044 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
network
low complexity
irssi debian canonical CWE-119
7.5
2016-09-25 CVE-2016-4738 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple debian CWE-119
8.8
2016-09-21 CVE-2016-7163 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
7.8
2016-09-21 CVE-2016-7143 Improper Authorization vulnerability in multiple products
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.
network
high complexity
debian charybdis-project CWE-285
8.1
2016-09-21 CVE-2016-6801 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
network
low complexity
apache debian CWE-352
8.8
2016-09-20 CVE-2015-8931 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
local
low complexity
libarchive suse canonical debian CWE-190
7.8
2016-09-20 CVE-2015-8917 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
network
low complexity
debian libarchive canonical CWE-476
7.5
2016-09-09 CVE-2016-6211 Permissions, Privileges, and Access Controls vulnerability in multiple products
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
network
low complexity
drupal debian CWE-264
8.8
2016-09-07 CVE-2016-6318 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
local
low complexity
cracklib-project opensuse debian CWE-787
7.8