Debian Linux Security Vulnerabilities and Issues — Debian Linux CVE List

Lucene search

DebianDebian Linux

11 matches found

CVE•added 2016/10/03 6:59 p.m.•405 views

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.

7.5CVSS7.5AI score0.06628EPSS

Web

CVE•added 2016/10/10 11:0 a.m.•339 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

10CVSS9.3AI score0.04788EPSS

CVE•added 2016/10/03 3:59 p.m.•152 views

CVE-2016-5180

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

9.8CVSS9.8AI score0.20025EPSS

CVE•added 2016/10/25 2:30 p.m.•119 views

CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

4.4CVSS4.4AI score0.00983EPSS

CVE•added 2016/10/05 4:59 p.m.•99 views

CVE-2016-1246

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

7.5CVSS6.2AI score0.01138EPSS

CVE•added 2016/10/05 4:59 p.m.•97 views

CVE-2016-7161

Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.

10CVSS9.5AI score0.05178EPSS

CVE•added 2016/10/05 4:59 p.m.•92 views

CVE-2016-7908

The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer de...

4.4CVSS6AI score0.00135EPSS

CVE•added 2016/10/03 6:59 p.m.•90 views

CVE-2016-1244

The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.

9.3CVSS9.3AI score0.09936EPSS

CVE•added 2016/10/05 4:59 p.m.•86 views

CVE-2016-7909

The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.

4.9CVSS5.3AI score0.00143EPSS

CVE•added 2016/10/03 6:59 p.m.•79 views

CVE-2016-1243

Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.

9.8CVSS9.7AI score0.27593EPSS

CVE•added 2016/10/07 2:59 p.m.•63 views

CVE-2016-7424

The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.

5.5CVSS5.1AI score0.0024EPSS