Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-13 | CVE-2016-2195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | 9.8 |
| 2016-05-13 | CVE-2016-2194 | Improper Input Validation vulnerability in multiple products The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | 7.5 |
| 2016-05-13 | CVE-2015-7827 | Information Exposure vulnerability in multiple products Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | 7.5 |
| 2016-05-13 | CVE-2015-5727 | Resource Management Errors vulnerability in multiple products The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | 7.5 |
| 2016-05-13 | CVE-2015-5726 | Improper Input Validation vulnerability in multiple products The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | 7.5 |
| 2016-05-11 | CVE-2016-3712 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | 5.5 |
| 2016-05-11 | CVE-2016-3710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | 8.8 |
| 2016-05-11 | CVE-2016-1236 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | 6.1 |
| 2016-05-10 | CVE-2016-4561 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. | 6.1 |
| 2016-05-09 | CVE-2016-3105 | Improper Access Control vulnerability in multiple products The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | 8.8 |