CVE-2016-7568
- EPSS 3.42%
- Published 28.09.2016 20:59:02
- Last modified 06.05.2026 22:30:45
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspe...
CVE-2016-7045
- EPSS 1.92%
- Published 27.09.2016 15:59:11
- Last modified 06.05.2026 22:30:45
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
CVE-2016-7044
- EPSS 1.93%
- Published 27.09.2016 15:59:09
- Last modified 06.05.2026 22:30:45
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
CVE-2016-6306
- EPSS 8.13%
- Published 26.09.2016 19:59:02
- Last modified 06.05.2026 22:30:45
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVE-2016-7142
- EPSS 0.59%
- Published 26.09.2016 15:59:03
- Last modified 06.05.2026 22:30:45
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message.
CVE-2016-4303
- EPSS 5.73%
- Published 26.09.2016 14:59:01
- Last modified 06.05.2026 22:30:45
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based b...
CVE-2016-5172
- EPSS 1.13%
- Published 25.09.2016 20:59:04
- Last modified 06.05.2026 22:30:45
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
CVE-2016-4738
- EPSS 5.93%
- Published 25.09.2016 10:59:41
- Last modified 06.05.2026 22:30:45
libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-6525
- EPSS 5.36%
- Published 22.09.2016 15:59:04
- Last modified 06.05.2026 22:30:45
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
CVE-2016-7163
- EPSS 0.51%
- Published 21.09.2016 14:25:28
- Last modified 06.05.2026 22:30:45
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.