Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-01-13 CVE-2016-2090 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.
network
low complexity
fedoraproject freedesktop debian canonical CWE-119
critical
9.8
2016-10-10 CVE-2016-7117 Data Processing Errors vulnerability in multiple products
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
network
low complexity
debian linux canonical CWE-19
critical
9.8
2016-10-05 CVE-2016-7161 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
network
low complexity
qemu debian CWE-787
critical
9.8
2016-10-03 CVE-2016-1243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
network
low complexity
debian unadf-project CWE-119
critical
9.8
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
9.8
2016-09-22 CVE-2016-6525 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
network
low complexity
debian artifex CWE-119
critical
9.8
2016-09-21 CVE-2016-6354 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
network
low complexity
debian westes CWE-119
critical
9.8
2016-09-20 CVE-2016-6662 Permissions, Privileges, and Access Controls vulnerability in multiple products
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.
network
low complexity
oracle percona mariadb debian redhat CWE-264
critical
10.0
2016-08-19 CVE-2016-6254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
network
low complexity
debian collectd fedoraproject CWE-119
critical
9.1
2016-08-19 CVE-2015-8949 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
network
low complexity
dbd-mysql-project debian CWE-416
critical
10.0