Vulnerabilities > Debian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-15 | CVE-2017-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | 9.8 |
2017-03-15 | CVE-2016-10195 | Out-of-bounds Read vulnerability in multiple products The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read. | 9.8 |
2017-03-07 | CVE-2016-8863 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. | 9.8 |
2017-02-27 | CVE-2017-5946 | Path Traversal vulnerability in multiple products The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. | 9.8 |
2017-02-22 | CVE-2016-1245 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. | 9.8 |
2017-02-09 | CVE-2016-2148 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | 9.8 |
2017-02-06 | CVE-2016-7447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-02-06 | CVE-2016-7446 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. | 9.8 |
2017-01-30 | CVE-2017-5611 | SQL Injection vulnerability in multiple products SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | 9.8 |
2017-01-28 | CVE-2017-5205 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | 9.8 |