Debian

Debian Linux

9142 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2016-5118

  • EPSS 35.42%
  • Published 10.06.2016 15:59:06
  • Last modified 12.04.2025 10:46:40

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

7.1

CVE-2016-4449

  • EPSS 0.12%
  • Published 09.06.2016 16:59:07
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con...

7.5

CVE-2016-4447

Exploit
  • EPSS 3.33%
  • Published 09.06.2016 16:59:05
  • Last modified 12.04.2025 10:46:40

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.1

CVE-2016-2150

  • EPSS 0.07%
  • Published 09.06.2016 16:59:04
  • Last modified 12.04.2025 10:46:40

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

10

CVE-2016-0749

  • EPSS 16.15%
  • Published 09.06.2016 16:59:00
  • Last modified 12.04.2025 10:46:40

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.

9.8

CVE-2016-5108

  • EPSS 29.1%
  • Published 08.06.2016 15:00:04
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

7.5

CVE-2016-4450

  • EPSS 4.09%
  • Published 07.06.2016 14:06:14
  • Last modified 12.04.2025 10:46:40

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary...

8.8

CVE-2016-2335

Exploit
  • EPSS 1.8%
  • Published 07.06.2016 14:06:12
  • Last modified 12.04.2025 10:46:40

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation D...

9.8

CVE-2015-7695

  • EPSS 1.23%
  • Published 07.06.2016 14:06:10
  • Last modified 12.04.2025 10:46:40

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

7.8

CVE-2015-5723

  • EPSS 0.1%
  • Published 07.06.2016 14:06:08
  • Last modified 12.04.2025 10:46:40

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permiss...