Debian: >> Debian Linux >> 7.0 Security Vulnerabilities
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
CVSS Score
7.5
EPSS Score
0.005
Published
2016-04-11
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-04-11
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-04-11
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
CVSS Score
7.5
EPSS Score
0.199
Published
2016-04-08
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
CVSS Score
9.8
EPSS Score
0.012
Published
2016-04-08
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.231
Published
2016-04-07
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2016-04-07
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVSS Score
8.1
EPSS Score
0.343
Published
2016-04-07
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.
CVSS Score
7.3
EPSS Score
0.011
Published
2016-03-30
The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI parser in bgpd in Quagga before 1.0.20160309, when a certain VPNv4 configuration is used, relies on a Labeled-VPN SAFI routes-data length field during a data copy, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted packet.
CVSS Score
8.1
EPSS Score
0.204
Published
2016-03-17