Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2017-5522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
network
low complexity
debian osgeo CWE-119
critical
9.8
2017-03-15 CVE-2016-10195 Out-of-bounds Read vulnerability in multiple products
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
network
low complexity
libevent-project debian CWE-125
critical
9.8
2017-03-07 CVE-2016-8863 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request.
network
low complexity
libupnp-project debian CWE-119
critical
9.8
2017-02-27 CVE-2017-5946 Path Traversal vulnerability in multiple products
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability.
network
low complexity
rubyzip-project debian CWE-22
critical
9.8
2017-02-22 CVE-2016-1245 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages.
network
low complexity
quagga debian CWE-119
critical
9.8
2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network
low complexity
busybox debian canonical CWE-119
critical
9.8
2017-02-06 CVE-2016-7447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
critical
9.8
2017-02-06 CVE-2016-7446 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
critical
9.8
2017-01-30 CVE-2017-5611 SQL Injection vulnerability in multiple products
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
network
low complexity
wordpress debian oracle CWE-89
critical
9.8
2017-01-28 CVE-2017-5205 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
network
low complexity
tcpdump debian redhat CWE-119
critical
9.8