Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-07-13 | CVE-2016-5008 | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | Debian_linux, Libvirt | 9.8 | ||
| 2016-08-06 | CVE-2016-3070 | The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | Debian_linux, Linux_kernel | 7.8 | ||
| 2016-08-13 | CVE-2016-5384 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | Ubuntu_linux, Debian_linux, Fedora, Fontconfig | 7.8 | ||
| 2016-09-07 | CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | Ubuntu_linux, Debian_linux, Qemu | 6.7 | ||
| 2016-09-07 | CVE-2016-6318 | Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. | Cracklib, Debian_linux, Leap | 7.8 | ||
| 2016-10-05 | CVE-2016-7908 | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | Debian_linux, Qemu | 4.4 | ||
| 2016-11-04 | CVE-2016-8576 | The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. | Debian_linux, Leap, Qemu, Openstack, Virtualization | 6.0 | ||
| 2016-11-04 | CVE-2016-8909 | The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. | Debian_linux, Leap, Qemu, Openstack, Virtualization | 6.0 | ||
| 2016-11-04 | CVE-2016-8577 | Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation. | Debian_linux, Leap, Qemu | 6.0 | ||
| 2016-11-04 | CVE-2016-8669 | The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. | Debian_linux, Leap, Qemu, Openstack, Virtualization | 6.0 |