Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-14 CVE-2016-1670 Race Condition vulnerability in multiple products
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
network
high complexity
google opensuse debian CWE-362
5.3
2016-05-13 CVE-2016-2860 Improper Access Control vulnerability in multiple products
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
network
low complexity
openafs debian CWE-284
6.5
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-05-11 CVE-2016-1236 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.
network
low complexity
websvn debian CWE-79
6.1
2016-05-10 CVE-2016-4561 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
network
low complexity
ikiwiki debian CWE-79
6.1
2016-05-05 CVE-2016-2107 Information Exposure vulnerability in multiple products
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session.
5.9
2016-04-25 CVE-2016-4085 Improper Input Validation vulnerability in multiple products
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
network
high complexity
oracle debian wireshark CWE-20
5.9
2016-04-25 CVE-2016-4082 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet.
network
high complexity
wireshark debian oracle CWE-119
5.9
2016-04-25 CVE-2016-4079 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet.
network
high complexity
debian oracle wireshark CWE-119
5.9
2016-04-21 CVE-2016-0668 Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
local
high complexity
oracle mariadb debian suse opensuse canonical
4.1