Vulnerabilities > Debian > Debian Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-02 | CVE-2016-8864 | Reachable Assertion vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | 7.5 |
| 2016-10-05 | CVE-2016-1246 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | 7.5 |
| 2016-10-03 | CVE-2016-7401 | 7PK - Security Features vulnerability in multiple products The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 7.5 |
| 2016-10-03 | CVE-2016-1244 | Improper Input Validation vulnerability in multiple products The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | 8.8 |
| 2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 7.5 |
| 2016-09-27 | CVE-2016-7044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 7.5 |
| 2016-09-25 | CVE-2016-4738 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 8.8 |
| 2016-09-21 | CVE-2016-7163 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. | 7.8 |
| 2016-09-21 | CVE-2016-7143 | Improper Authorization vulnerability in multiple products The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | 8.1 |
| 2016-09-21 | CVE-2016-6801 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header. | 8.8 |