Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-04-11 CVE-2016-1235 Permissions, Privileges, and Access Controls vulnerability in multiple products
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
network
low complexity
oar-project debian CWE-264
critical
9.0
2016-03-03 CVE-2016-0705 Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
network
low complexity
oracle openssl google canonical debian
critical
9.8
2016-02-21 CVE-2016-1629 Permissions, Privileges, and Access Controls vulnerability in multiple products
Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors.
network
low complexity
google novell opensuse debian CWE-264
critical
9.8
2016-01-08 CVE-2015-7512 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
network
high complexity
qemu redhat debian oracle CWE-120
critical
9.0
2015-12-06 CVE-2015-6764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-119
critical
9.8
2015-07-23 CVE-2015-1276 Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an abort action before a certain write operation.
network
low complexity
google debian redhat opensuse
critical
9.8
2015-07-16 CVE-2015-2590 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
network
low complexity
oracle canonical debian suse opensuse redhat
critical
9.8
2015-04-24 CVE-2015-3144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." The previous CVSS assessment 7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) was provided at the time of initial analysis based on the best available published information at that time.
network
low complexity
oracle haxx canonical debian CWE-119
critical
9.0
2015-04-14 CVE-2015-2788 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Dbd-Firebird and Debian Linux
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.
network
low complexity
debian CWE-119
critical
10.0
2015-03-31 CVE-2014-2830 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Cifs-Utils 6.3
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
debian CWE-119
critical
10.0