Debian

Debian Linux

9142 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2016-1244

  • EPSS 9.94%
  • Published 03.10.2016 18:59:01
  • Last modified 12.04.2025 10:46:40

The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.

9.8

CVE-2016-1243

  • EPSS 27.59%
  • Published 03.10.2016 18:59:00
  • Last modified 12.04.2025 10:46:40

Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.

9.8

CVE-2016-5180

  • EPSS 19.37%
  • Published 03.10.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

9.8

CVE-2016-7568

  • EPSS 1.02%
  • Published 28.09.2016 20:59:02
  • Last modified 12.04.2025 10:46:40

Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspe...

7.5

CVE-2016-7045

Exploit
  • EPSS 1.93%
  • Published 27.09.2016 15:59:11
  • Last modified 12.04.2025 10:46:40

The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.

7.5

CVE-2016-7044

Exploit
  • EPSS 1.93%
  • Published 27.09.2016 15:59:09
  • Last modified 12.04.2025 10:46:40

The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.

5.9

CVE-2016-6306

  • EPSS 11.74%
  • Published 26.09.2016 19:59:02
  • Last modified 12.04.2025 10:46:40

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

5.9

CVE-2016-7142

  • EPSS 0.14%
  • Published 26.09.2016 15:59:03
  • Last modified 12.04.2025 10:46:40

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.

9.8

CVE-2016-4303

Exploit
  • EPSS 5.73%
  • Published 26.09.2016 14:59:01
  • Last modified 12.04.2025 10:46:40

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based b...

6.5

CVE-2016-5172

  • EPSS 1.49%
  • Published 25.09.2016 20:59:04
  • Last modified 12.04.2025 10:46:40

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.