Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-15 | CVE-2016-10197 | Out-of-bounds Read vulnerability in multiple products The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname. | 7.5 |
| 2017-03-15 | CVE-2016-10196 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. | 7.5 |
| 2017-03-15 | CVE-2016-10195 | Out-of-bounds Read vulnerability in multiple products The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | 9.8 |
| 2017-03-15 | CVE-2016-10155 | Memory Leak vulnerability in multiple products Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | 6.0 |
| 2017-03-15 | CVE-2017-6060 | Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. | 7.8 |
| 2017-03-15 | CVE-2017-5938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | 6.1 |
| 2017-03-12 | CVE-2017-6817 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | 5.4 |
| 2017-03-12 | CVE-2017-6816 | Incorrect Authorization vulnerability in multiple products In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. | 4.9 |
| 2017-03-12 | CVE-2017-6815 | Improper Input Validation vulnerability in multiple products In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | 6.1 |
| 2017-03-12 | CVE-2017-6814 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. | 5.4 |