Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-09-09 | CVE-2016-7176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. | 5.9 |
2016-09-07 | CVE-2016-6316 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. | 6.1 |
2016-09-07 | CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | 6.7 |
2016-08-31 | CVE-2016-7118 | NULL Pointer Dereference vulnerability in Debian Linux 7.0 fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem. | 4.9 |
2016-08-12 | CVE-2016-6214 | Out-of-bounds Read vulnerability in multiple products gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | 4.3 |
2016-08-12 | CVE-2016-6207 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. | 4.3 |
2016-08-12 | CVE-2016-6161 | Out-of-bounds Read vulnerability in multiple products The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. | 4.3 |
2016-08-12 | CVE-2016-6132 | Out-of-bounds Read vulnerability in multiple products The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | 4.3 |
2016-08-07 | CVE-2016-6128 | Improper Input Validation vulnerability in multiple products The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. | 5.0 |
2016-08-07 | CVE-2016-5766 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | 6.8 |