Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-12 CVE-2016-6214 Out-of-bounds Read vulnerability in multiple products
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-12 CVE-2016-6207 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
network
low complexity
libgd debian opensuse php CWE-190
6.5
2016-08-12 CVE-2016-6161 Out-of-bounds Read vulnerability in multiple products
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-12 CVE-2016-6132 Out-of-bounds Read vulnerability in multiple products
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
network
low complexity
libgd debian opensuse CWE-125
6.5
2016-08-05 CVE-2016-6186 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
network
low complexity
debian djangoproject CWE-79
6.1
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5
2016-07-26 CVE-2016-3992 Improper Access Control vulnerability in multiple products
cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.
local
low complexity
cronic-project debian opensuse CWE-284
6.2
2016-07-21 CVE-2016-5440 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
network
low complexity
ibm mariadb oracle debian canonical redhat
4.9
2016-07-21 CVE-2016-3615 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
network
high complexity
oracle mariadb ibm debian canonical
5.3
2016-07-21 CVE-2016-3521 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
network
low complexity
ibm mariadb oracle debian canonical
6.5