Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-19 CVE-2014-9765 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
network
low complexity
canonical debian xdelta opensuse CWE-119
8.8
2016-04-18 CVE-2016-1655 Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension.
network
low complexity
debian suse opensuse google canonical
8.8
2016-04-18 CVE-2016-1653 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc.
network
low complexity
debian suse opensuse canonical google CWE-119
8.8
2016-04-18 CVE-2016-1651 Information Exposure vulnerability in multiple products
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
network
low complexity
google debian suse opensuse CWE-200
8.1
2016-04-14 CVE-2015-8560 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
network
low complexity
canonical debian linuxfoundation
7.3
2016-04-14 CVE-2015-8540 Numeric Errors vulnerability in multiple products
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
network
low complexity
redhat libpng fedoraproject debian CWE-189
8.8
2016-04-14 CVE-2015-5343 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
network
low complexity
apache debian CWE-119
7.6
2016-04-13 CVE-2015-8806 dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
network
low complexity
xmlsoft canonical debian
7.5
2016-04-13 CVE-2015-3146 The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
network
low complexity
libssh canonical debian fedoraproject
7.5
2016-04-13 CVE-2016-3982 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
8.8