Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-04 | CVE-2016-9189 | Integer Overflow or Wraparound vulnerability in multiple products Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | 5.5 |
| 2016-11-02 | CVE-2016-8864 | Reachable Assertion vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | 7.5 |
| 2016-10-25 | CVE-2016-5584 | Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. | 4.4 |
| 2016-10-10 | CVE-2016-7117 | Data Processing Errors vulnerability in multiple products Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | 9.8 |
| 2016-10-07 | CVE-2016-7424 | NULL Pointer Dereference vulnerability in multiple products The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. | 5.5 |
| 2016-10-05 | CVE-2016-7909 | Infinite Loop vulnerability in multiple products The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0. | 4.4 |
| 2016-10-05 | CVE-2016-7908 | Infinite Loop vulnerability in multiple products The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | 4.4 |
| 2016-10-05 | CVE-2016-7161 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | 9.8 |
| 2016-10-05 | CVE-2016-1246 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | 7.5 |
| 2016-10-03 | CVE-2016-7401 | 7PK - Security Features vulnerability in multiple products The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 7.5 |