Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-13 CVE-2016-5384 Double Free vulnerability in multiple products
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
7.8
2016-08-10 CVE-2016-5421 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
8.1
2016-08-10 CVE-2016-5420 Improper Authorization vulnerability in multiple products
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
network
low complexity
debian haxx opensuse CWE-285
7.5
2016-08-10 CVE-2016-5419 Cryptographic Issues vulnerability in multiple products
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
network
low complexity
haxx debian opensuse CWE-310
7.5
2016-08-07 CVE-2016-4029 Server-Side Request Forgery (SSRF) vulnerability in multiple products
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
network
low complexity
wordpress debian CWE-918
8.6
2016-08-07 CVE-2016-6128 Improper Input Validation vulnerability in multiple products
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
network
low complexity
debian opensuse libgd canonical CWE-20
7.5
2016-08-07 CVE-2016-5766 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
network
low complexity
redhat freebsd libgd fedoraproject debian CWE-190
8.8
2016-08-06 CVE-2016-3070 NULL Pointer Dereference vulnerability in multiple products
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
local
low complexity
debian linux CWE-476
7.8
2016-08-05 CVE-2016-3822 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 28868315.
local
low complexity
google debian CWE-119
7.8
2016-08-02 CVE-2016-6185 The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
local
low complexity
perl fedoraproject debian oracle canonical
7.8