Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-11 CVE-2016-1235 Permissions, Privileges, and Access Controls vulnerability in multiple products
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
network
low complexity
oar-project debian CWE-264
8.8
2016-04-11 CVE-2012-6700 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-11 CVE-2012-6699 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-11 CVE-2012-6698 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
network
low complexity
debian dhcpcd-project CWE-119
7.5
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5
2016-04-07 CVE-2016-2098 Improper Input Validation vulnerability in multiple products
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
network
low complexity
debian rubyonrails CWE-20
7.3
2016-04-07 CVE-2016-2510 Data Processing Errors vulnerability in multiple products
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
network
high complexity
beanshell debian canonical CWE-19
8.1
2016-03-30 CVE-2015-8837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.
7.3
2016-03-29 CVE-2016-1650 The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document.
network
low complexity
opensuse debian google
8.8
2016-03-29 CVE-2016-1649 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages.
network
low complexity
debian canonical opensuse google CWE-119
8.8