Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-14 | CVE-2016-5337 | The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | Ubuntu_linux, Debian_linux, Qemu | 5.5 | ||
| 2016-06-16 | CVE-2016-2391 | The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers. | Ubuntu_linux, Debian_linux, Qemu | 5.0 | ||
| 2016-07-12 | CVE-2016-4428 | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | Debian_linux, Horizon, Openstack | 5.4 | ||
| 2016-07-08 | CVE-2016-4463 | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | Xerces\-C\+\+, Debian_linux | 7.5 | ||
| 2016-07-13 | CVE-2016-5008 | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | Debian_linux, Libvirt | 9.8 | ||
| 2016-08-06 | CVE-2016-3070 | The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | Debian_linux, Linux_kernel | 7.8 | ||
| 2016-08-13 | CVE-2016-5384 | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | Ubuntu_linux, Debian_linux, Fedora, Fontconfig | 7.8 | ||
| 2016-09-07 | CVE-2016-6351 | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execute arbitrary code on the QEMU host via vectors involving DMA read into ESP command buffer. | Ubuntu_linux, Debian_linux, Qemu | 6.7 | ||
| 2016-09-07 | CVE-2016-6318 | Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. | Cracklib, Debian_linux, Leap | 7.8 | ||
| 2016-10-05 | CVE-2016-7908 | The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | Debian_linux, Qemu | 4.4 |