Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-17 CVE-2016-3627 Uncontrolled Recursion vulnerability in multiple products
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
7.5
2016-05-14 CVE-2016-1669 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
debian google opensuse nodejs canonical CWE-119
8.8
2016-05-14 CVE-2016-1668 Improper Access Control vulnerability in multiple products
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
google opensuse debian CWE-284
8.8
2016-05-14 CVE-2016-1667 Improper Access Control vulnerability in multiple products
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
network
low complexity
opensuse debian google CWE-284
8.8
2016-05-13 CVE-2016-3994 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
network
low complexity
debian enlightenment CWE-119
8.2
2016-05-13 CVE-2016-3993 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
network
low complexity
enlightenment debian CWE-119
7.5
2016-05-13 CVE-2015-8312 Numeric Errors vulnerability in multiple products
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
local
low complexity
openafs debian CWE-189
7.8
2016-05-13 CVE-2014-9771 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
network
low complexity
enlightenment debian
7.5
2016-05-13 CVE-2014-9764 Improper Input Validation vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
network
low complexity
debian enlightenment CWE-20
7.5
2016-05-13 CVE-2014-9763 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
network
low complexity
debian enlightenment CWE-189
7.5