Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-02 CVE-2016-5106 Out-of-bounds Write vulnerability in multiple products
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.
local
low complexity
qemu canonical debian CWE-787
6.0
2016-09-02 CVE-2016-5105 Use of Uninitialized Resource vulnerability in multiple products
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
local
low complexity
qemu canonical debian CWE-908
4.4
2016-09-02 CVE-2016-4952 Out-of-bounds Write vulnerability in multiple products
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
local
low complexity
qemu canonical debian CWE-787
6.0
2016-08-31 CVE-2016-7118 NULL Pointer Dereference vulnerability in Debian Linux 7.0
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
local
low complexity
debian CWE-476
5.5
2016-08-12 CVE-2016-6214 Out-of-bounds Read vulnerability in multiple products
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-12 CVE-2016-6207 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
network
low complexity
libgd debian opensuse php CWE-190
6.5
2016-08-12 CVE-2016-6161 Out-of-bounds Read vulnerability in multiple products
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-12 CVE-2016-6132 Out-of-bounds Read vulnerability in multiple products
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-05 CVE-2016-6186 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
network
low complexity
debian djangoproject CWE-79
6.1
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5