Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-02-06 CVE-2016-7447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
7.5
2017-02-06 CVE-2016-7446 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
7.5
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-02-03 CVE-2016-4571 Resource Exhaustion vulnerability in multiple products
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
7.1
2017-02-03 CVE-2016-4570 Resource Exhaustion vulnerability in multiple products
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
7.1
2017-01-30 CVE-2016-9939 Improper Input Validation vulnerability in multiple products
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine.
network
low complexity
cryptopp debian CWE-20
7.5
2017-01-30 CVE-2017-5611 SQL Injection vulnerability in multiple products
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
network
low complexity
wordpress debian oracle CWE-89
7.5
2017-01-27 CVE-2016-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
7.5
2017-01-27 CVE-2016-9635 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
network
low complexity
gstreamer redhat debian CWE-119
7.5
2017-01-27 CVE-2016-9634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
network
low complexity
gstreamer redhat debian CWE-119
7.5