Debian » Debian Linux : Security Vulnerabilities, CVEs, Published In October 2016
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Max CVSS
4.9
EPSS Score
0.06%
Published
2016-10-05
Updated
2020-11-10
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Max CVSS
4.4
EPSS Score
0.06%
Published
2016-10-05
Updated
2023-02-12
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
Max CVSS
5.5
EPSS Score
1.05%
Published
2016-10-07
Updated
2016-10-11
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
Max CVSS
10.0
EPSS Score
1.16%
Published
2016-10-05
Updated
2020-11-16
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
Max CVSS
10.0
EPSS Score
3.81%
Published
2016-10-10
Updated
2023-01-19
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Max CVSS
4.4
EPSS Score
0.15%
Published
2016-10-25
Updated
2022-10-27
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
Max CVSS
9.8
EPSS Score
4.52%
Published
2016-10-03
Updated
2023-09-15
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Max CVSS
7.5
EPSS Score
1.87%
Published
2016-10-05
Updated
2017-11-13
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
Max CVSS
9.3
EPSS Score
3.06%
Published
2016-10-03
Updated
2024-03-15
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
Max CVSS
9.8
EPSS Score
6.63%
Published
2016-10-03
Updated
2024-03-15
11 vulnerabilities found