Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-7117 Data Processing Errors vulnerability in multiple products
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
network
low complexity
debian linux canonical CWE-19
critical
9.8
2016-10-05 CVE-2016-7161 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
network
low complexity
qemu debian CWE-787
critical
9.8
2016-10-03 CVE-2016-1243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
network
low complexity
debian unadf-project CWE-119
critical
9.8
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
9.8
2016-09-28 CVE-2016-7568 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
network
low complexity
libgd php debian CWE-190
critical
9.8
2016-09-26 CVE-2016-4303 Classic Buffer Overflow vulnerability in multiple products
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
network
low complexity
iperf3-project novell opensuse debian CWE-120
critical
9.8
2016-09-22 CVE-2016-6525 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
network
low complexity
debian artifex CWE-119
critical
9.8
2016-09-21 CVE-2016-6354 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
network
low complexity
debian westes CWE-119
critical
9.8
2016-09-21 CVE-2015-8871 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
debian uclouvain CWE-416
critical
9.8
2016-09-20 CVE-2016-6662 Permissions, Privileges, and Access Controls vulnerability in multiple products
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration.
network
low complexity
oracle percona mariadb debian redhat CWE-264
critical
9.8