Debian: >> Debian Linux >> 8.0 Security Vulnerabilities
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
CVSS Score
7.5
EPSS Score
0.033
Published
2017-04-13
Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-04-13
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-04-12
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-04-12
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.
CVSS Score
7.5
EPSS Score
0.02
Published
2017-04-12
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
CVSS Score
7.5
EPSS Score
0.02
Published
2017-04-12
Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.
CVSS Score
6.5
EPSS Score
0.028
Published
2017-04-11
Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-04-11
Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-04-11
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
CVSS Score
7.9
EPSS Score
0.001
Published
2017-04-11