Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-04-18 CVE-2016-1652 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
debian suse opensuse google CWE-79
6.1
2016-04-13 CVE-2016-0787 Information Exposure vulnerability in multiple products
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
network
high complexity
fedoraproject opensuse libssh2 debian CWE-200
5.9
2016-04-13 CVE-2016-0739 Information Exposure vulnerability in multiple products
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."
5.9
2016-04-13 CVE-2015-8784 Out-of-bounds Write vulnerability in multiple products
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
network
low complexity
libtiff debian CWE-787
6.5
2016-04-13 CVE-2015-8683 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
local
low complexity
libtiff debian CWE-119
5.5
2016-04-13 CVE-2015-1547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
network
low complexity
debian libtiff CWE-119
6.5
2016-04-13 CVE-2014-9655 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
network
low complexity
debian remotesensing CWE-119
6.5
2016-04-13 CVE-2016-2533 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
network
low complexity
python-imaging-project python debian CWE-119
6.5
2016-04-13 CVE-2016-2228 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
network
low complexity
debian horde fedoraproject CWE-79
6.1
2016-04-13 CVE-2016-2191 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
network
low complexity
optipng canonical debian opensuse CWE-119
6.5