14 matches found
DEBIAN-CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
DEBIAN-CVE-2016-1254
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service client crash via a crafted hidden service descriptor...
DEBIAN-CVE-2016-1517
OpenCV 3.0.0 allows remote attackers to cause a denial of service segfault via vectors involving corrupt chunks...
DEBIAN-CVE-2016-7407
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file...
DEBIAN-CVE-2016-5027
dwarfform.c in libdwarf 20160115 allows remote attackers to cause a denial of service crash via a crafted elf file...
DEBIAN-CVE-2016-5036
The dumpblock function in printsections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read via crafted frame data...
DEBIAN-CVE-2016-8705
Multiple integer overflows in processbinupdate function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution...
DEBIAN-CVE-2016-9911
Quick Emulator Qemu built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehciinittransfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host...
DEBIAN-CVE-2016-9103
The v9fsxattrcreate function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them...
DEBIAN-CVE-2016-8660
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service fdatasync failure and system hang by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."...
DEBIAN-CVE-2016-7142
The msasl module in InspIRCd before 2.0.23, when used with a service that supports SASLEXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message...
DEBIAN-CVE-2016-5838
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie...
DEBIAN-CVE-2016-4414
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service NULL pointer dereference and crash via invalid handshake data...
DEBIAN-CVE-2016-2057
lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...