Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-1651 Information Exposure vulnerability in multiple products
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document.
network
low complexity
google debian suse opensuse CWE-200
8.1
2016-04-14 CVE-2015-8560 Arbitrary Command Execution vulnerability in cups-filters
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
network
low complexity
canonical debian linuxfoundation
7.5
2016-04-14 CVE-2015-8540 Numeric Errors vulnerability in multiple products
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
network
low complexity
redhat libpng fedoraproject debian CWE-189
8.8
2016-04-14 CVE-2015-5343 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
network
low complexity
apache debian CWE-119
8.0
2016-04-13 CVE-2016-3630 Data Processing Errors vulnerability in multiple products
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
8.8
2016-04-13 CVE-2016-2054 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.
network
low complexity
debian xymon CWE-119
7.5
2016-04-12 CVE-2016-3168 7PK - Security Features vulnerability in multiple products
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."
8.5
2016-04-12 CVE-2015-8702 Improper Input Validation vulnerability in multiple products
The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname.
network
low complexity
debian inspircd CWE-20
7.8
2016-04-12 CVE-2016-2857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
local
low complexity
qemu canonical debian redhat CWE-119
8.4
2016-04-12 CVE-2016-1568 Use After Free vulnerability in multiple products
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
local
low complexity
qemu redhat debian CWE-416
8.8