Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-5241 Numeric Errors vulnerability in multiple products
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
local
low complexity
graphicsmagick debian opensuse CWE-189
5.5
2017-02-03 CVE-2016-4571 Resource Exhaustion vulnerability in multiple products
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5
2017-02-03 CVE-2016-4570 Resource Exhaustion vulnerability in multiple products
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5
2017-02-03 CVE-2016-2318 NULL Pointer Dereference vulnerability in multiple products
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-476
5.5
2017-02-03 CVE-2016-2317 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-119
5.5
2017-02-01 CVE-2016-9963 Key Management Errors vulnerability in multiple products
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
network
high complexity
exim canonical debian CWE-320
5.9
2017-01-30 CVE-2016-9119 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
moinmo canonical debian CWE-79
6.1
2017-01-30 CVE-2016-7798 Inadequate Encryption Strength vulnerability in multiple products
The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.
network
low complexity
ruby-lang debian CWE-326
7.5
2017-01-30 CVE-2016-9939 Improper Input Validation vulnerability in multiple products
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine.
network
low complexity
cryptopp debian CWE-20
7.5
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3