Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-13 CVE-2014-9762 Improper Input Validation vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
network
low complexity
enlightenment debian CWE-20
7.5
2016-05-13 CVE-2011-5326 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
network
low complexity
debian enlightenment CWE-189
7.5
2016-05-13 CVE-2016-2849 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
network
low complexity
debian fedoraproject botan-project CWE-200
7.5
2016-05-13 CVE-2016-2194 Improper Input Validation vulnerability in multiple products
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
network
low complexity
debian botan-project CWE-20
7.5
2016-05-13 CVE-2015-7827 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
network
low complexity
fedoraproject botan-project debian CWE-200
7.5
2016-05-13 CVE-2015-5727 Resource Management Errors vulnerability in multiple products
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
network
low complexity
botan-project debian CWE-399
7.5
2016-05-13 CVE-2015-5726 Improper Input Validation vulnerability in multiple products
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
network
low complexity
botan-project debian CWE-20
7.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
8.8
2016-05-09 CVE-2016-3105 Improper Access Control vulnerability in multiple products
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
network
low complexity
debian mercurial CWE-284
8.8
2016-05-06 CVE-2015-8868 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.
7.8