Vulnerabilities > Debian > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-05-13 CVE-2016-2195 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow.
network
low complexity
botan-project debian CWE-119
critical
9.8
2016-05-06 CVE-2016-4422 Improper Authentication vulnerability in multiple products
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.
network
low complexity
libpam-sshauth-project debian CWE-287
critical
9.8
2016-05-06 CVE-2015-0857 Command Injection vulnerability in multiple products
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
network
low complexity
tardiff-project debian CWE-77
critical
9.8
2016-04-26 CVE-2016-4002 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
network
low complexity
qemu fedoraproject canonical debian CWE-120
critical
9.8
2016-04-26 CVE-2016-3074 Incorrect Conversion between Numeric Types vulnerability in multiple products
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
network
low complexity
libgd debian fedoraproject canonical opensuse php CWE-681
critical
9.8
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
network
low complexity
oracle canonical debian netapp apache redhat suse opensuse
critical
9.8
2016-04-19 CVE-2015-8779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
network
low complexity
suse opensuse canonical debian gnu fedoraproject CWE-119
critical
9.8
2016-04-19 CVE-2015-8778 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.
network
low complexity
fedoraproject debian canonical gnu suse opensuse CWE-119
critical
9.8
2016-04-19 CVE-2015-8776 Numeric Errors vulnerability in multiple products
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
network
low complexity
suse opensuse canonical debian fedoraproject gnu CWE-189
critical
9.1
2016-04-18 CVE-2016-1659 Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
network
low complexity
debian suse opensuse canonical google
critical
9.8