Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-08-19 CVE-2016-6254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet.
network
low complexity
debian collectd fedoraproject CWE-119
critical
9.1
2016-08-19 CVE-2015-8949 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
network
low complexity
debian dbd-mysql-project CWE-416
critical
9.8
2016-08-19 CVE-2014-9906 Use After Free vulnerability in multiple products
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
network
low complexity
debian dbd-mysql-project CWE-416
critical
9.8
2016-08-07 CVE-2016-5772 Double Free vulnerability in multiple products
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
network
low complexity
php suse opensuse debian CWE-415
critical
9.8
2016-08-07 CVE-2016-5771 Use After Free vulnerability in multiple products
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
network
low complexity
php opensuse debian CWE-416
critical
9.8
2016-08-07 CVE-2016-5770 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
network
low complexity
php opensuse debian CWE-190
critical
9.8
2016-08-07 CVE-2016-5116 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
network
low complexity
libgd opensuse debian CWE-119
critical
9.1
2016-07-22 CVE-2016-4610 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject debian CWE-119
critical
9.8
2016-07-22 CVE-2016-4609 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject debian CWE-119
critical
9.8
2016-07-13 CVE-2016-5008 Improper Access Control vulnerability in multiple products
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
network
low complexity
redhat debian CWE-284
critical
9.8