Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2016-09-07 CVE-2016-6351 The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer.
local
low complexity
qemu canonical debian
6.7
2016-09-02 CVE-2016-5107 Out-of-bounds Read vulnerability in multiple products
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors.
local
low complexity
qemu canonical debian CWE-125
6.0
2016-09-02 CVE-2016-5106 Out-of-bounds Write vulnerability in multiple products
The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of service (out-of-bounds write access) via vectors involving a MegaRAID Firmware Interface (MFI) command.
local
low complexity
qemu canonical debian CWE-787
6.0
2016-09-02 CVE-2016-5105 Use of Uninitialized Resource vulnerability in multiple products
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command.
local
low complexity
qemu canonical debian CWE-908
4.4
2016-09-02 CVE-2016-4952 Out-of-bounds Write vulnerability in multiple products
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command.
local
low complexity
qemu canonical debian CWE-787
6.0
2016-08-31 CVE-2016-7118 NULL Pointer Dereference vulnerability in Debian Linux 7.0
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
local
low complexity
debian CWE-476
5.5
2016-08-19 CVE-2016-6254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
network
low complexity
debian collectd fedoraproject CWE-119
critical
9.1
2016-08-19 CVE-2015-8949 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
network
low complexity
debian dbd-mysql-project CWE-416
critical
9.8
2016-08-19 CVE-2014-9906 Use After Free vulnerability in multiple products
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
network
low complexity
debian dbd-mysql-project CWE-416
critical
9.8
2016-08-13 CVE-2016-5384 Double Free vulnerability in multiple products
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
7.8