Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2013-7448 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
network
low complexity
debian didiwiki-project CWE-22
7.5
2016-02-22 CVE-2016-2037 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
network
low complexity
gnu debian CWE-119
6.5
2016-02-21 CVE-2016-1629 Permissions, Privileges, and Access Controls vulnerability in multiple products
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
network
low complexity
google novell opensuse debian CWE-264
critical
9.8
2016-02-21 CVE-2016-1628 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions.
network
low complexity
google debian CWE-119
6.3
2016-02-19 CVE-2016-2270 Improper Input Validation vulnerability in multiple products
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
network
low complexity
debian fedoraproject xen oracle CWE-20
6.8
2016-02-18 CVE-2015-7547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
8.1
2016-02-17 CVE-2016-0773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
network
low complexity
postgresql canonical debian CWE-119
7.5
2016-02-17 CVE-2016-0766 Permissions, Privileges, and Access Controls vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
network
low complexity
postgresql canonical debian CWE-264
8.8
2016-02-16 CVE-2016-0753 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
network
low complexity
rubyonrails debian fedoraproject opensuse
5.3
2016-02-16 CVE-2016-0752 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a ..
network
low complexity
rubyonrails opensuse suse debian redhat CWE-22
7.5