Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-11 CVE-2015-8710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
network
low complexity
xmlsoft debian CWE-119
7.5
2016-04-08 CVE-2016-3153 Code Injection vulnerability in multiple products
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
network
low complexity
debian spip CWE-94
7.5
2016-04-07 CVE-2016-2851 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
network
low complexity
debian opensuse cypherpunks CWE-119
7.5
2016-04-07 CVE-2016-2098 Improper Input Validation vulnerability in multiple products
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
network
low complexity
debian rubyonrails CWE-20
7.5
2016-03-29 CVE-2016-1650 The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
network
low complexity
opensuse debian google
8.8
2016-03-29 CVE-2016-1649 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
network
low complexity
debian canonical opensuse google CWE-119
8.8
2016-03-29 CVE-2016-1648 Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google opensuse debian
8.8
2016-03-29 CVE-2016-1647 Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google canonical debian opensuse
8.8
2016-03-29 CVE-2016-1646 Out-of-bounds Read vulnerability in multiple products
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
debian canonical google opensuse suse redhat CWE-125
8.8
2016-03-17 CVE-2016-2342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
network
high complexity
quagga debian CWE-119
7.6