Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2017-01-24 CVE-2016-10160 Off-by-one Error vulnerability in multiple products
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
network
low complexity
php netapp debian CWE-193
7.5
2017-01-06 CVE-2016-2368 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin.
network
low complexity
pidgin canonical debian CWE-119
7.5
2016-12-23 CVE-2016-8707 Out-of-bounds Write vulnerability in multiple products
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility.
local
low complexity
imagemagick debian CWE-787
7.8
2016-12-23 CVE-2016-7966 Code Injection vulnerability in multiple products
Through a malicious URL that contained a quote character, it was possible to inject HTML code in KMail's plaintext viewer.
network
low complexity
kde debian fedoraproject suse CWE-94
7.3
2016-12-12 CVE-2016-9427 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause a denial of service (heap buffer overflow crash) in a client of bdwgc and possibly execute arbitrary code via a huge allocation.
network
low complexity
bdwgc-project debian opensuse CWE-190
7.5
2016-11-10 CVE-2016-5195 Race Condition vulnerability in multiple products
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
7.0
2016-10-03 CVE-2016-1244 Improper Input Validation vulnerability in multiple products
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
network
low complexity
unadf-project debian CWE-20
8.8
2016-09-28 CVE-2016-7568 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
network
low complexity
libgd php debian CWE-190
7.5
2016-09-26 CVE-2016-4303 Classic Buffer Overflow vulnerability in multiple products
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
network
low complexity
iperf3-project novell opensuse debian CWE-120
7.5
2016-09-25 CVE-2016-4738 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
network
low complexity
apple debian CWE-119
8.8