Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5257 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e
|
22-10-2024 - 13:54 | 22-09-2016 - 22:59 | |
CVE-2016-5265 | 4.0 |
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML docu
|
22-10-2024 - 13:54 | 05-08-2016 - 01:59 | |
CVE-2016-2831 | 5.8 |
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing att
|
22-10-2024 - 13:54 | 13-06-2016 - 10:59 | |
CVE-2016-2818 | 6.8 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
22-10-2024 - 13:54 | 13-06-2016 - 10:59 | |
CVE-2016-2836 | 6.8 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
|
22-10-2024 - 13:54 | 05-08-2016 - 01:59 | |
CVE-2015-2741 | 4.3 |
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to b
|
22-10-2024 - 13:54 | 06-07-2015 - 02:01 | |
CVE-2015-2743 | 7.5 |
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
|
22-10-2024 - 13:54 | 06-07-2015 - 02:01 | |
CVE-2015-2730 | 4.3 |
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which
|
22-10-2024 - 13:54 | 06-07-2015 - 02:01 | |
CVE-2015-2716 | 7.5 |
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2
|
22-10-2024 - 13:54 | 14-05-2015 - 10:59 | |
CVE-2015-0818 | 7.5 |
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
|
22-10-2024 - 13:54 | 24-03-2015 - 00:59 | |
CVE-2015-7183 | 7.5 |
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and othe
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7180 | 7.5 |
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and appl
|
22-10-2024 - 13:42 | 24-09-2015 - 04:59 | |
CVE-2015-7222 | 6.8 |
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory all
|
22-10-2024 - 13:42 | 16-12-2015 - 11:59 | |
CVE-2015-7575 | 4.3 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
|
22-10-2024 - 13:42 | 09-01-2016 - 02:59 | |
CVE-2015-7200 | 7.5 |
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7214 | 5.0 |
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
|
22-10-2024 - 13:42 | 16-12-2015 - 11:59 | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
22-10-2024 - 13:42 | 21-05-2015 - 00:59 | |
CVE-2016-2802 | 6.8 |
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2016-2807 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or
|
22-10-2024 - 13:42 | 30-04-2016 - 17:59 | |
CVE-2015-4495 | 4.3 |
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript
|
22-10-2024 - 13:42 | 08-08-2015 - 00:59 | |
CVE-2015-4498 | 7.5 |
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitr
|
22-10-2024 - 13:42 | 29-08-2015 - 19:59 | |
CVE-2015-4493 | 9.3 |
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds c
|
22-10-2024 - 13:42 | 16-08-2015 - 01:59 | |
CVE-2016-1969 | 6.8 |
The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a cra
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2016-1950 | 6.8 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via
|
22-10-2024 - 13:42 | 13-03-2016 - 18:59 | |
CVE-2015-4491 | 6.8 |
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers t
|
22-10-2024 - 13:42 | 16-08-2015 - 01:59 | |
CVE-2016-1935 | 9.3 |
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
|
22-10-2024 - 13:42 | 31-01-2016 - 18:59 | |
CVE-2016-2814 | 6.8 |
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary cod
|
22-10-2024 - 13:42 | 30-04-2016 - 17:59 | |
CVE-2016-1526 | 5.8 |
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive inform
|
22-10-2024 - 13:42 | 13-02-2016 - 02:59 | |
CVE-2015-8370 | 6.9 |
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get f
|
21-10-2024 - 17:35 | 16-12-2015 - 21:59 | |
CVE-2018-8034 | 5.0 |
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
|
21-10-2024 - 16:35 | 01-08-2018 - 18:29 | |
CVE-2019-9812 | 5.8 |
Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that di
|
21-10-2024 - 13:55 | 08-01-2020 - 22:15 | |
CVE-2018-5188 | 7.5 |
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi
|
21-10-2024 - 13:55 | 18-10-2018 - 13:29 | |
CVE-2017-5469 | 7.5 |
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
|
21-10-2024 - 13:55 | 11-06-2018 - 21:29 | |
CVE-2016-5284 | 4.3 |
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.
|
21-10-2024 - 13:55 | 22-09-2016 - 22:59 | |
CVE-2014-8641 | 7.5 |
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data.
|
21-10-2024 - 13:55 | 14-01-2015 - 11:59 | |
CVE-2014-1544 | 10.0 |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to e
|
21-10-2024 - 13:55 | 23-07-2014 - 11:12 | |
CVE-2014-1541 | 10.0 |
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code o
|
21-10-2024 - 13:55 | 11-06-2014 - 10:57 | |
CVE-2014-1568 | 7.5 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31
|
21-10-2024 - 13:55 | 25-09-2014 - 17:55 | |
CVE-2014-1567 | 9.3 |
Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via tex
|
21-10-2024 - 13:55 | 03-09-2014 - 10:55 | |
CVE-2014-1583 | 5.0 |
The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the J
|
21-10-2024 - 13:55 | 15-10-2014 - 10:55 | |
CVE-2014-1557 | 9.3 |
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attacke
|
21-10-2024 - 13:55 | 23-07-2014 - 11:12 | |
CVE-2015-0836 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or poss
|
21-10-2024 - 13:55 | 25-02-2015 - 11:59 | |
CVE-2017-7805 | 5.0 |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
|
21-10-2024 - 13:11 | 11-06-2018 - 21:29 | |
CVE-2016-3427 | 10.0 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
|
09-10-2024 - 14:41 | 21-04-2016 - 11:00 | |
CVE-2018-20534 | 4.3 |
There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It ca
|
05-08-2024 - 12:15 | 28-12-2018 - 16:29 | |
CVE-2019-17626 | 7.5 |
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
|
01-08-2024 - 13:41 | 16-10-2019 - 12:15 | |
CVE-2020-15999 | 4.3 |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
25-07-2024 - 17:25 | 03-11-2020 - 03:15 | |
CVE-2019-5544 | 7.5 |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
|
25-07-2024 - 14:15 | 06-12-2019 - 16:15 | |
CVE-2016-3718 | 4.3 |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
|
24-07-2024 - 17:05 | 05-05-2016 - 18:59 | |
CVE-2014-6271 | 10.0 |
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
|
24-07-2024 - 16:47 | 24-09-2014 - 18:48 | |
CVE-2016-5195 | 7.2 |
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in Oc
|
24-07-2024 - 14:27 | 10-11-2016 - 21:59 | |
CVE-2020-1938 | 7.5 |
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
|
24-07-2024 - 14:23 | 24-02-2020 - 22:15 | |
CVE-2019-11043 | 7.5 |
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p
|
16-07-2024 - 17:52 | 28-10-2019 - 15:15 | |
CVE-2019-11708 | 10.0 |
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vuln
|
02-07-2024 - 17:02 | 23-07-2019 - 14:15 | |
CVE-2017-8291 | 6.8 |
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in
|
02-07-2024 - 13:01 | 27-04-2017 - 01:59 | |
CVE-2014-3153 | 7.2 |
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe wai
|
02-07-2024 - 12:17 | 07-06-2014 - 14:55 | |
CVE-2019-1387 | 6.8 |
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names
|
26-06-2024 - 10:15 | 18-12-2019 - 21:15 | |
CVE-2020-1971 | 4.3 |
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they
|
21-06-2024 - 19:15 | 08-12-2020 - 16:15 | |
CVE-2018-1311 | 6.8 |
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disabl
|
21-06-2024 - 16:11 | 18-12-2019 - 20:15 | |
CVE-2015-3281 | 5.0 |
The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of pre
|
29-05-2024 - 14:14 | 06-07-2015 - 15:59 | |
CVE-2020-1472 | 9.3 |
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability
|
23-05-2024 - 17:56 | 17-08-2020 - 19:15 | |
CVE-2018-5730 | 5.5 |
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string w
|
23-05-2024 - 17:53 | 06-03-2018 - 20:29 | |
CVE-2020-8177 | 4.6 |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
|
27-03-2024 - 16:04 | 14-12-2020 - 20:15 | |
CVE-2020-5395 | 6.8 |
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
|
08-03-2024 - 01:15 | 03-01-2020 - 20:15 | |
CVE-2019-15605 | 7.5 |
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
|
07-03-2024 - 21:24 | 07-02-2020 - 15:15 | |
CVE-2015-7501 | 10.0 |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x
|
16-02-2024 - 13:15 | 09-11-2017 - 17:29 | |
CVE-2015-0274 | 7.2 |
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges
|
15-02-2024 - 18:55 | 16-03-2015 - 10:59 | |
CVE-2014-3466 | 6.8 |
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code
|
14-02-2024 - 01:17 | 03-06-2014 - 14:55 | |
CVE-2015-0235 | 10.0 |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
|
14-02-2024 - 01:17 | 28-01-2015 - 19:59 | |
CVE-2014-0196 | 6.9 |
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or
|
09-02-2024 - 19:24 | 07-05-2014 - 10:55 | |
CVE-2018-7550 | 4.6 |
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or
|
30-01-2024 - 22:15 | 01-03-2018 - 17:29 | |
CVE-2016-5003 | 7.5 |
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.
|
22-01-2024 - 17:15 | 27-10-2017 - 18:29 | |
CVE-2014-4943 | 6.9 |
The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.
|
19-01-2024 - 17:50 | 19-07-2014 - 19:55 | |
CVE-2018-8088 | 7.5 |
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.
|
27-12-2023 - 15:15 | 20-03-2018 - 16:29 | |
CVE-2019-14835 | 7.2 |
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descript
|
15-12-2023 - 15:29 | 17-09-2019 - 16:15 | |
CVE-2020-15862 | 7.2 |
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
|
31-10-2023 - 19:30 | 20-08-2020 - 01:17 | |
CVE-2014-0231 | 5.0 |
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
|
31-10-2023 - 16:05 | 20-07-2014 - 11:12 | |
CVE-2014-3577 | 5.8 |
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fi
|
27-10-2023 - 15:15 | 21-08-2014 - 14:55 | |
CVE-2020-13398 | 6.5 |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
|
24-10-2023 - 15:31 | 22-05-2020 - 18:15 | |
CVE-2020-13397 | 2.1 |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
|
24-10-2023 - 15:31 | 22-05-2020 - 18:15 | |
CVE-2015-8104 | 4.7 |
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
|
10-10-2023 - 15:15 | 16-11-2015 - 11:59 | |
CVE-2019-11324 | 5.0 |
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure i
|
08-10-2023 - 14:15 | 18-04-2019 - 21:29 | |
CVE-2019-11236 | 4.3 |
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
|
08-10-2023 - 14:15 | 15-04-2019 - 15:29 | |
CVE-2020-25654 | 9.0 |
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing
|
29-09-2023 - 11:15 | 24-11-2020 - 20:15 | |
CVE-2019-3885 | 5.0 |
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.
|
29-09-2023 - 11:15 | 18-04-2019 - 18:29 | |
CVE-2013-6371 | 5.0 |
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
|
25-09-2023 - 02:30 | 22-04-2014 - 13:06 | |
CVE-2019-14907 | 2.6 |
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such st
|
14-09-2023 - 17:15 | 21-01-2020 - 18:15 | |
CVE-2019-10218 | 4.3 |
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB
|
14-09-2023 - 17:15 | 06-11-2019 - 10:15 | |
CVE-2016-7796 | 4.9 |
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled
|
12-09-2023 - 14:45 | 13-10-2016 - 14:59 | |
CVE-2019-17498 | 5.8 |
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be
|
08-09-2023 - 14:15 | 21-10-2019 - 22:15 | |
CVE-2019-11479 | 5.0 |
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial
|
16-08-2023 - 14:17 | 19-06-2019 - 00:15 | |
CVE-2015-6360 | 7.8 |
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
|
15-08-2023 - 14:52 | 21-04-2016 - 10:59 | |
CVE-2019-11811 | 6.9 |
An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and
|
11-08-2023 - 19:54 | 07-05-2019 - 14:29 | |
CVE-2018-1002200 | 4.3 |
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
|
02-08-2023 - 16:17 | 25-07-2018 - 17:29 | |
CVE-2017-3145 | 5.0 |
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
|
21-06-2023 - 18:19 | 16-01-2019 - 20:29 | |
CVE-2017-7533 | 6.9 |
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_han
|
21-06-2023 - 15:57 | 05-08-2017 - 16:29 | |
CVE-2016-2324 | 10.0 |
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
|
21-06-2023 - 15:18 | 08-04-2016 - 14:59 | |
CVE-2020-10188 | 10.0 |
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
|
16-06-2023 - 17:44 | 06-03-2020 - 15:15 | |
CVE-2020-12049 | 4.9 |
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or a
|
12-06-2023 - 07:15 | 08-06-2020 - 17:15 | |
CVE-2018-1000140 | 7.5 |
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to
|
12-06-2023 - 07:15 | 23-03-2018 - 21:29 | |
CVE-2019-14866 | 6.9 |
In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attack
|
04-06-2023 - 22:15 | 07-01-2020 - 17:15 | |
CVE-2019-3811 | 2.7 |
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
|
29-05-2023 - 17:15 | 15-01-2019 - 15:29 | |
CVE-2019-20479 | 5.8 |
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
|
25-05-2023 - 20:18 | 20-02-2020 - 06:15 | |
CVE-2017-6413 | 5.0 |
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote a
|
25-05-2023 - 20:18 | 02-03-2017 - 06:59 | |
CVE-2019-20907 | 5.0 |
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
|
24-05-2023 - 21:15 | 13-07-2020 - 13:15 | |
CVE-2020-8492 | 7.1 |
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicA
|
24-05-2023 - 21:15 | 30-01-2020 - 19:15 | |
CVE-2014-5077 | 7.1 |
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an assoc
|
19-05-2023 - 16:50 | 01-08-2014 - 11:13 | |
CVE-2018-18559 | 6.8 |
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a ra
|
16-05-2023 - 11:14 | 22-10-2018 - 16:29 | |
CVE-2020-25643 | 7.5 |
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial
|
16-05-2023 - 10:48 | 06-10-2020 - 14:15 | |
CVE-2020-14422 | 4.3 |
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary
|
16-05-2023 - 02:15 | 18-06-2020 - 14:15 | |
CVE-2020-8597 | 7.5 |
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
|
05-05-2023 - 17:48 | 03-02-2020 - 23:15 | |
CVE-2019-7638 | 6.8 |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.
|
03-05-2023 - 12:15 | 08-02-2019 - 11:29 | |
CVE-2019-13616 | 5.8 |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
|
03-05-2023 - 12:15 | 16-07-2019 - 17:15 | |
CVE-2015-3276 | 5.0 |
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified
|
28-04-2023 - 18:28 | 07-12-2015 - 20:59 | |
CVE-2019-3883 | 5.0 |
In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are
|
24-04-2023 - 09:15 | 17-04-2019 - 14:29 | |
CVE-2019-14824 | 3.5 |
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
|
24-04-2023 - 09:15 | 08-11-2019 - 15:15 | |
CVE-2019-13038 | 4.3 |
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL.
|
13-03-2023 - 00:15 | 29-06-2019 - 14:15 | |
CVE-2020-29599 | 6.8 |
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible
|
11-03-2023 - 23:15 | 07-12-2020 - 20:15 | |
CVE-2018-8781 | 7.2 |
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissi
|
03-03-2023 - 19:22 | 23-04-2018 - 19:29 | |
CVE-2019-14513 | 5.0 |
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
|
03-03-2023 - 14:24 | 01-08-2019 - 21:15 | |
CVE-2019-6116 | 6.8 |
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
|
01-03-2023 - 18:41 | 21-03-2019 - 16:01 | |
CVE-2018-8905 | 6.8 |
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
|
01-03-2023 - 17:13 | 22-03-2018 - 04:29 | |
CVE-2020-13867 | 2.1 |
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
|
01-03-2023 - 16:48 | 05-06-2020 - 18:15 | |
CVE-2019-13313 | 2.1 |
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.
|
28-02-2023 - 20:49 | 05-07-2019 - 14:15 | |
CVE-2019-12387 | 4.3 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
|
28-02-2023 - 20:47 | 10-06-2019 - 12:29 | |
CVE-2019-14744 | 5.1 |
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated
|
28-02-2023 - 18:26 | 07-08-2019 - 15:15 | |
CVE-2019-9811 | 5.1 |
As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox <
|
28-02-2023 - 14:40 | 23-07-2019 - 14:15 | |
CVE-2019-16056 | 5.0 |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple
|
28-02-2023 - 14:30 | 06-09-2019 - 18:15 | |
CVE-2015-5289 | 6.4 |
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (
|
24-02-2023 - 18:44 | 26-10-2015 - 14:59 | |
CVE-2018-9568 | 7.2 |
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Androi
|
24-02-2023 - 18:43 | 06-12-2018 - 14:29 | |
CVE-2017-2636 | 6.9 |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
|
24-02-2023 - 18:43 | 07-03-2017 - 22:59 | |
CVE-2018-15473 | 5.0 |
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-
|
23-02-2023 - 23:13 | 17-08-2018 - 19:29 | |
CVE-2020-6829 | 5.0 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the p
|
20-02-2023 - 17:15 | 28-10-2020 - 12:15 | |
CVE-2017-7308 | 7.2 |
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or
|
14-02-2023 - 18:32 | 29-03-2017 - 20:59 | |
CVE-2019-16707 | 4.3 |
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
|
13-02-2023 - 19:08 | 23-09-2019 - 12:15 | |
CVE-2018-16865 | 4.6 |
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remo
|
13-02-2023 - 04:52 | 11-01-2019 - 21:29 | |
CVE-2018-14634 | 7.2 |
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6
|
13-02-2023 - 04:51 | 25-09-2018 - 21:29 | |
CVE-2018-14650 | 1.9 |
It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-coll
|
13-02-2023 - 04:51 | 27-09-2018 - 20:29 | |
CVE-2018-10910 | 2.1 |
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication
|
13-02-2023 - 04:51 | 28-01-2019 - 15:29 | |
CVE-2018-10897 | 9.3 |
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination d
|
13-02-2023 - 04:51 | 01-08-2018 - 17:29 | |
CVE-2018-10846 | 1.9 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain
|
13-02-2023 - 04:50 | 22-08-2018 - 13:29 | |
CVE-2016-3099 | 5.0 |
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
|
13-02-2023 - 04:50 | 08-06-2017 - 19:29 | |
CVE-2015-7872 | 2.1 |
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
|
13-02-2023 - 00:55 | 16-11-2015 - 11:59 | |
CVE-2015-7529 | 4.6 |
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$host
|
13-02-2023 - 00:54 | 06-11-2017 - 17:29 | |
CVE-2015-5302 | 5.0 |
libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds,
|
13-02-2023 - 00:53 | 07-12-2015 - 18:59 | |
CVE-2015-5292 | 6.8 |
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a larg
|
13-02-2023 - 00:53 | 29-10-2015 - 16:59 | |
CVE-2015-5190 | 8.5 |
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
|
13-02-2023 - 00:50 | 03-09-2015 - 14:59 | |
CVE-2015-5165 | 9.3 |
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
|
13-02-2023 - 00:50 | 12-08-2015 - 14:59 | |
CVE-2015-5154 | 7.2 |
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
|
13-02-2023 - 00:50 | 12-08-2015 - 14:59 | |
CVE-2015-3405 | 5.0 |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot
|
13-02-2023 - 00:49 | 09-08-2017 - 16:29 | |
CVE-2015-3204 | 5.0 |
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
|
13-02-2023 - 00:48 | 01-07-2015 - 14:59 | |
CVE-2015-3230 | 7.5 |
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
|
13-02-2023 - 00:48 | 29-10-2015 - 20:59 | |
CVE-2015-3240 | 4.3 |
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.
|
13-02-2023 - 00:48 | 09-11-2015 - 16:59 | |
CVE-2015-3213 | 7.2 |
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.
|
13-02-2023 - 00:48 | 12-08-2015 - 14:59 | |
CVE-2015-1815 | 10.0 |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
|
13-02-2023 - 00:47 | 30-03-2015 - 14:59 | |
CVE-2015-1854 | 5.0 |
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
|
13-02-2023 - 00:47 | 19-09-2017 - 15:29 | |
CVE-2015-2675 | 5.0 |
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials met
|
13-02-2023 - 00:47 | 18-08-2017 - 18:29 | |
CVE-2015-1853 | 4.0 |
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in c
|
13-02-2023 - 00:47 | 09-12-2019 - 19:15 | |
CVE-2015-1781 | 6.8 |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS respo
|
13-02-2023 - 00:46 | 28-09-2015 - 20:59 | |
CVE-2015-1779 | 7.8 |
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.
|
13-02-2023 - 00:46 | 12-01-2016 - 19:59 | |
CVE-2015-1782 | 6.8 |
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
|
13-02-2023 - 00:46 | 13-03-2015 - 14:59 | |
CVE-2015-0240 | 10.0 |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu
|
13-02-2023 - 00:45 | 24-02-2015 - 01:59 | |
CVE-2014-8169 | 4.4 |
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges v
|
13-02-2023 - 00:44 | 18-03-2015 - 16:59 | |
CVE-2014-8165 | 10.0 |
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
|
13-02-2023 - 00:44 | 19-02-2015 - 15:59 | |
CVE-2014-8121 | 5.0 |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by perfor
|
13-02-2023 - 00:43 | 27-03-2015 - 14:59 | |
CVE-2014-8118 | 10.0 |
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
|
13-02-2023 - 00:42 | 16-12-2014 - 18:59 | |
CVE-2014-7844 | 7.2 |
BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.
|
13-02-2023 - 00:42 | 14-01-2020 - 17:15 | |
CVE-2014-7817 | 4.6 |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
|
13-02-2023 - 00:42 | 24-11-2014 - 15:59 | |
CVE-2014-8112 | 4.0 |
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re
|
13-02-2023 - 00:42 | 10-03-2015 - 14:59 | |
CVE-2014-8103 | 6.5 |
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the
|
13-02-2023 - 00:42 | 10-12-2014 - 15:59 | |
CVE-2014-8106 | 4.6 |
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for
|
13-02-2023 - 00:42 | 08-12-2014 - 16:59 | |
CVE-2014-7841 | 5.0 |
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malf
|
13-02-2023 - 00:42 | 30-11-2014 - 01:59 | |
CVE-2014-3693 | 7.5 |
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP p
|
13-02-2023 - 00:42 | 07-11-2014 - 19:55 | |
CVE-2014-5119 | 7.5 |
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
|
13-02-2023 - 00:42 | 29-08-2014 - 16:55 | |
CVE-2014-3618 | 7.5 |
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
|
13-02-2023 - 00:41 | 08-09-2014 - 14:55 | |
CVE-2014-3657 | 5.0 |
The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the
|
13-02-2023 - 00:41 | 06-10-2014 - 14:55 | |
CVE-2014-3565 | 5.0 |
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB f
|
13-02-2023 - 00:40 | 07-10-2014 - 14:55 | |
CVE-2014-3585 | 10.0 |
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
|
13-02-2023 - 00:40 | 22-11-2019 - 15:15 | |
CVE-2014-3562 | 5.0 |
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
|
13-02-2023 - 00:40 | 21-08-2014 - 14:55 | |
CVE-2014-3461 | 6.8 |
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
|
13-02-2023 - 00:39 | 04-11-2014 - 21:55 | |
CVE-2014-3493 | 2.7 |
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
|
13-02-2023 - 00:39 | 23-06-2014 - 14:55 | |
CVE-2014-2894 | 7.2 |
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
|
13-02-2023 - 00:38 | 23-04-2014 - 15:55 | |
CVE-2014-0189 | 2.1 |
virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.
|
13-02-2023 - 00:36 | 02-05-2014 - 14:55 | |
CVE-2014-0186 | 5.0 |
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
|
13-02-2023 - 00:35 | 14-06-2014 - 11:18 | |
CVE-2020-1722 | 5.4 |
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unr
|
12-02-2023 - 23:40 | 27-04-2020 - 21:15 | |
CVE-2020-14331 | 7.2 |
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us
|
12-02-2023 - 23:40 | 15-09-2020 - 19:15 | |
CVE-2019-3815 | 2.1 |
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A
|
12-02-2023 - 23:38 | 28-01-2019 - 15:29 | |
CVE-2019-3816 | 5.0 |
Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a sp
|
12-02-2023 - 23:38 | 14-03-2019 - 22:29 | |
CVE-2019-3833 | 5.0 |
Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request t
|
12-02-2023 - 23:38 | 14-03-2019 - 22:29 | |
CVE-2019-14906 | 7.5 |
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while c
|
12-02-2023 - 23:37 | 07-01-2020 - 21:15 | |
CVE-2019-14868 | 7.2 |
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote una
|
12-02-2023 - 23:36 | 02-04-2020 - 17:15 | |
CVE-2019-14823 | 5.8 |
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly ver
|
12-02-2023 - 23:34 | 14-10-2019 - 20:15 | |
CVE-2019-14834 | 4.3 |
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
|
12-02-2023 - 23:34 | 07-01-2020 - 17:15 | |
CVE-2019-10185 | 6.4 |
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the
|
12-02-2023 - 23:33 | 31-07-2019 - 23:15 | |
CVE-2019-10160 | 5.0 |
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by
|
12-02-2023 - 23:33 | 07-06-2019 - 18:29 | |
CVE-2018-16863 | 9.3 |
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript d
|
12-02-2023 - 23:32 | 03-12-2018 - 17:29 | |
CVE-2018-1111 | 7.9 |
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network ab
|
12-02-2023 - 23:32 | 17-05-2018 - 16:29 | |
CVE-2018-1063 | 3.3 |
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling proc
|
12-02-2023 - 23:32 | 02-03-2018 - 15:29 | |
CVE-2019-10132 | 6.5 |
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock
|
12-02-2023 - 23:32 | 22-05-2019 - 18:29 | |
CVE-2017-7558 | 5.0 |
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in
|
12-02-2023 - 23:31 | 26-07-2018 - 15:29 | |
CVE-2017-7551 | 5.0 |
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
|
12-02-2023 - 23:31 | 16-08-2017 - 18:29 | |
CVE-2017-7562 | 4.0 |
An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary prin
|
12-02-2023 - 23:31 | 26-07-2018 - 15:29 | |
CVE-2018-10893 | 6.5 |
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
|
12-02-2023 - 23:31 | 11-09-2018 - 15:29 | |
CVE-2017-7537 | 5.0 |
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick t
|
12-02-2023 - 23:30 | 26-07-2018 - 13:29 | |
CVE-2017-7502 | 5.0 |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
|
12-02-2023 - 23:30 | 30-05-2017 - 18:29 | |
CVE-2017-7506 | 6.5 |
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
|
12-02-2023 - 23:30 | 18-07-2017 - 15:29 | |
CVE-2017-7472 | 4.9 |
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
|
12-02-2023 - 23:30 | 11-05-2017 - 19:29 | |
CVE-2017-7488 | 4.0 |
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
|
12-02-2023 - 23:30 | 16-05-2017 - 18:29 | |
CVE-2017-5885 | 7.5 |
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColo
|
12-02-2023 - 23:29 | 28-02-2017 - 18:59 | |
CVE-2017-2626 | 2.1 |
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
|
12-02-2023 - 23:29 | 27-07-2018 - 19:29 | |
CVE-2017-15131 | 4.6 |
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux
|
12-02-2023 - 23:28 | 09-01-2018 - 21:29 | |
CVE-2017-15097 | 7.2 |
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
|
12-02-2023 - 23:28 | 27-07-2018 - 20:29 | |
CVE-2017-15124 | 7.8 |
VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VN
|
12-02-2023 - 23:28 | 09-01-2018 - 21:29 | |
CVE-2017-12163 | 4.8 |
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to
|
12-02-2023 - 23:27 | 26-07-2018 - 16:29 | |
CVE-2016-8635 | 4.3 |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
|
12-02-2023 - 23:26 | 01-08-2018 - 13:29 | |
CVE-2016-8638 | 6.4 |
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthentic
|
12-02-2023 - 23:26 | 12-07-2017 - 13:29 | |
CVE-2016-7056 | 2.1 |
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
|
12-02-2023 - 23:25 | 10-09-2018 - 16:29 | |
CVE-2016-5699 | 4.3 |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
|
12-02-2023 - 23:24 | 02-09-2016 - 14:59 | |
CVE-2016-5404 | 4.0 |
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
|
12-02-2023 - 23:24 | 07-09-2016 - 20:59 | |
CVE-2016-5416 | 5.0 |
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
|
12-02-2023 - 23:24 | 08-06-2017 - 19:29 | |
CVE-2016-6325 | 7.2 |
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging me
|
12-02-2023 - 23:24 | 13-10-2016 - 14:59 | |
CVE-2016-5385 | 5.1 |
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker
|
12-02-2023 - 23:23 | 19-07-2016 - 02:00 | |
CVE-2016-5384 | 4.6 |
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
|
12-02-2023 - 23:23 | 13-08-2016 - 01:59 | |
CVE-2016-5008 | 4.3 |
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
|
12-02-2023 - 23:22 | 13-07-2016 - 15:59 | |
CVE-2016-4994 | 6.8 |
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.
|
12-02-2023 - 23:22 | 12-07-2016 - 19:59 | |
CVE-2016-4971 | 4.3 |
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.
|
12-02-2023 - 23:22 | 30-06-2016 - 17:59 | |
CVE-2016-4470 | 4.9 |
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft
|
12-02-2023 - 23:21 | 27-06-2016 - 10:59 | |
CVE-2016-4463 | 5.0 |
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
|
12-02-2023 - 23:21 | 08-07-2016 - 19:59 | |
CVE-2016-4455 | 2.1 |
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directo
|
12-02-2023 - 23:21 | 14-04-2017 - 18:59 | |
CVE-2016-3712 | 2.1 |
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
|
12-02-2023 - 23:19 | 11-05-2016 - 21:59 | |
CVE-2016-3698 | 6.8 |
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity d
|
12-02-2023 - 23:18 | 13-06-2016 - 19:59 | |
CVE-2016-2183 | 5.0 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
|
12-02-2023 - 23:17 | 01-09-2016 - 00:59 | |
CVE-2016-1714 | 6.9 |
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-o
|
12-02-2023 - 23:17 | 07-04-2016 - 19:59 | |
CVE-2016-2857 | 3.6 |
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
|
12-02-2023 - 23:17 | 12-04-2016 - 02:00 | |
CVE-2016-0758 | 7.2 |
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
|
12-02-2023 - 23:16 | 27-06-2016 - 10:59 | |
CVE-2016-0795 | 9.3 |
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
|
12-02-2023 - 23:16 | 18-02-2016 - 21:59 | |
CVE-2015-7547 | 6.8 |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrar
|
12-02-2023 - 23:15 | 18-02-2016 - 21:59 | |
CVE-2015-3247 | 6.9 |
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via un
|
12-02-2023 - 23:15 | 08-09-2015 - 15:59 | |
CVE-2015-5156 | 6.1 |
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corrup
|
12-02-2023 - 23:15 | 19-10-2015 - 10:59 | |
CVE-2015-3248 | 4.7 |
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk cons
|
12-02-2023 - 23:15 | 26-09-2017 - 15:29 | |
CVE-2015-3238 | 5.8 |
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
|
12-02-2023 - 23:15 | 24-08-2015 - 14:59 | |
CVE-2015-5277 | 7.2 |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS
|
12-02-2023 - 23:15 | 17-12-2015 - 19:59 | |
CVE-2015-1867 | 7.5 |
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
|
12-02-2023 - 23:15 | 12-08-2015 - 14:59 | |
CVE-2015-1827 | 5.0 |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user th
|
12-02-2023 - 23:15 | 30-03-2015 - 14:59 | |
CVE-2016-0721 | 4.3 |
Session fixation vulnerability in pcsd in pcs before 0.9.157.
|
12-02-2023 - 23:15 | 21-04-2017 - 15:59 | |
CVE-2015-0267 | 3.6 |
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
12-02-2023 - 23:15 | 19-05-2015 - 18:59 | |
CVE-2016-0728 | 7.2 |
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and us
|
12-02-2023 - 23:15 | 08-02-2016 - 03:59 | |
CVE-2016-0718 | 7.5 |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
|
12-02-2023 - 23:15 | 26-05-2016 - 16:59 | |
CVE-2015-0236 | 3.5 |
libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interf
|
12-02-2023 - 23:15 | 29-01-2015 - 15:59 | |
CVE-2019-9959 | 4.3 |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attac
|
11-02-2023 - 18:27 | 22-07-2019 - 15:15 | |
CVE-2016-9675 | 6.8 |
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
|
10-02-2023 - 18:29 | 22-12-2016 - 21:59 | |
CVE-2020-8624 | 4.0 |
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to ch
|
10-02-2023 - 17:42 | 21-08-2020 - 21:15 | |
CVE-2017-6074 | 7.2 |
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double
|
10-02-2023 - 00:53 | 18-02-2017 - 21:59 | |
CVE-2015-0252 | 5.0 |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
|
05-02-2023 - 21:10 | 24-03-2015 - 17:59 | |
CVE-2018-14622 | 5.0 |
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de
|
03-02-2023 - 14:23 | 30-08-2018 - 13:29 | |
CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
03-02-2023 - 02:23 | 12-08-2020 - 16:15 | |
CVE-2019-10153 | 4.0 |
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automate
|
02-02-2023 - 18:58 | 30-07-2019 - 23:15 | |
CVE-2018-1084 | 7.5 |
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
|
31-01-2023 - 20:14 | 12-04-2018 - 17:29 | |
CVE-2020-12421 | 4.3 |
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the u
|
30-01-2023 - 17:21 | 09-07-2020 - 15:15 | |
CVE-2020-13112 | 6.4 |
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
|
27-01-2023 - 18:45 | 21-05-2020 - 16:15 | |
CVE-2020-1983 | 2.1 |
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
|
27-01-2023 - 18:40 | 22-04-2020 - 20:15 | |
CVE-2019-20382 | 2.7 |
QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.
|
24-01-2023 - 02:11 | 05-03-2020 - 19:15 | |
CVE-2020-5313 | 5.8 |
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
|
24-01-2023 - 01:43 | 03-01-2020 - 01:15 | |
CVE-2014-4721 | 2.6 |
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent
|
19-01-2023 - 16:14 | 06-07-2014 - 23:55 | |
CVE-2017-7895 | 10.0 |
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque
|
19-01-2023 - 16:13 | 28-04-2017 - 10:59 | |
CVE-2016-9555 | 10.0 |
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified
|
19-01-2023 - 16:13 | 28-11-2016 - 03:59 | |
CVE-2015-3331 | 9.3 |
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of serv
|
19-01-2023 - 16:06 | 27-05-2015 - 10:59 | |
CVE-2019-9500 | 7.9 |
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an h
|
19-01-2023 - 15:53 | 16-01-2020 - 21:15 | |
CVE-2017-1000251 | 7.7 |
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remot
|
19-01-2023 - 15:53 | 12-09-2017 - 17:29 | |
CVE-2019-16935 | 4.3 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_ti
|
19-01-2023 - 15:46 | 28-09-2019 - 02:15 | |
CVE-2019-14494 | 4.3 |
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.
|
18-01-2023 - 21:19 | 01-08-2019 - 17:15 | |
CVE-2016-4565 | 7.2 |
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI int
|
17-01-2023 - 21:40 | 23-05-2016 - 10:59 | |
CVE-2016-8666 | 7.8 |
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrat
|
17-01-2023 - 21:36 | 16-10-2016 - 21:59 | |
CVE-2014-9322 | 7.2 |
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access t
|
17-01-2023 - 21:29 | 17-12-2014 - 11:59 | |
CVE-2017-1000379 | 7.2 |
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
|
17-01-2023 - 21:03 | 19-06-2017 - 16:29 | |
CVE-2019-17402 | 4.3 |
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset an
|
13-01-2023 - 16:19 | 09-10-2019 - 19:15 | |
CVE-2019-20044 | 7.2 |
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload wit
|
09-01-2023 - 16:41 | 24-02-2020 - 14:15 | |
CVE-2020-11764 | 4.3 |
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp.
|
09-01-2023 - 16:41 | 14-04-2020 - 23:15 | |
CVE-2017-1000367 | 6.9 |
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
|
22-12-2022 - 22:15 | 05-06-2017 - 14:29 | |
CVE-2019-17571 | 7.5 |
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic fo
|
14-12-2022 - 17:50 | 20-12-2019 - 17:15 | |
CVE-2020-13692 | 6.8 |
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
|
13-12-2022 - 15:02 | 04-06-2020 - 16:15 | |
CVE-2016-6515 | 7.8 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
|
13-12-2022 - 12:15 | 07-08-2016 - 21:59 | |
CVE-2016-6306 | 4.3 |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2015-8325 | 7.2 |
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted
|
13-12-2022 - 12:15 | 01-05-2016 - 01:59 | |
CVE-2015-6564 | 6.9 |
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MON
|
13-12-2022 - 12:15 | 24-08-2015 - 01:59 | |
CVE-2017-15906 | 5.0 |
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
|
13-12-2022 - 12:15 | 26-10-2017 - 03:29 | |
CVE-2015-3196 | 4.3 |
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (
|
13-12-2022 - 12:15 | 06-12-2015 - 20:59 | |
CVE-2016-0800 | 4.3 |
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote
|
13-12-2022 - 12:15 | 01-03-2016 - 20:59 | |
CVE-2016-0778 | 4.6 |
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r
|
13-12-2022 - 12:15 | 14-01-2016 - 22:59 | |
CVE-2016-0704 | 4.3 |
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during us
|
13-12-2022 - 12:15 | 02-03-2016 - 11:59 | |
CVE-2020-14385 | 4.7 |
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, o
|
06-12-2022 - 21:31 | 15-09-2020 - 22:15 | |
CVE-2020-17507 | 5.0 |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
|
03-12-2022 - 15:13 | 12-08-2020 - 18:15 | |
CVE-2020-14355 | 6.5 |
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious
|
21-11-2022 - 19:17 | 07-10-2020 - 15:15 | |
CVE-2020-15678 | 6.8 |
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidat
|
16-11-2022 - 16:17 | 01-10-2020 - 19:15 | |
CVE-2020-14364 | 4.4 |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
|
16-11-2022 - 14:06 | 31-08-2020 - 18:15 | |
CVE-2019-17026 | 6.8 |
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, an
|
16-11-2022 - 03:00 | 02-03-2020 - 05:15 | |
CVE-2020-12888 | 4.7 |
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
|
14-11-2022 - 19:44 | 15-05-2020 - 18:15 | |
CVE-2019-19126 | 2.1 |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping ad
|
08-11-2022 - 03:16 | 19-11-2019 - 22:15 | |
CVE-2019-3804 | 5.0 |
It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which c
|
07-11-2022 - 19:03 | 26-03-2019 - 18:29 | |
CVE-2020-25637 | 7.2 |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
07-11-2022 - 17:35 | 06-10-2020 - 14:15 | |
CVE-2014-3710 | 5.0 |
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and appli
|
05-11-2022 - 02:10 | 05-11-2014 - 11:55 | |
CVE-2015-1421 | 10.0 |
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by tri
|
03-11-2022 - 20:23 | 16-03-2015 - 10:59 | |
CVE-2020-14362 | 4.6 |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity
|
03-11-2022 - 20:04 | 15-09-2020 - 19:15 | |
CVE-2019-17133 | 7.5 |
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
|
03-11-2022 - 02:41 | 04-10-2019 - 12:15 | |
CVE-2020-9383 | 3.6 |
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
|
29-10-2022 - 02:34 | 25-02-2020 - 16:15 | |
CVE-2020-26217 | 9.3 |
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone
|
28-10-2022 - 17:40 | 16-11-2020 - 21:15 | |
CVE-2020-2922 | 4.3 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
|
28-10-2022 - 17:39 | 15-04-2020 - 14:15 | |
CVE-2020-14621 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenti
|
27-10-2022 - 22:58 | 15-07-2020 - 18:15 | |
CVE-2020-12825 | 5.8 |
libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
|
27-10-2022 - 01:04 | 12-05-2020 - 18:15 | |
CVE-2018-18585 | 4.3 |
chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).
|
25-10-2022 - 16:47 | 23-10-2018 - 02:29 | |
CVE-2019-9456 | 4.6 |
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation
|
14-10-2022 - 01:39 | 06-09-2019 - 22:15 | |
CVE-2019-11135 | 2.1 |
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
07-10-2022 - 15:03 | 14-11-2019 - 19:15 | |
CVE-2017-10243 | 6.4 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulne
|
06-10-2022 - 18:59 | 08-08-2017 - 15:29 | |
CVE-2017-10388 | 5.1 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unau
|
06-10-2022 - 18:57 | 19-10-2017 - 17:29 | |
CVE-2018-2783 | 5.8 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit v
|
06-10-2022 - 18:56 | 19-04-2018 - 02:29 | |
CVE-2018-2952 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult t
|
06-10-2022 - 18:55 | 18-07-2018 - 13:29 | |
CVE-2019-2842 | 4.3 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to c
|
06-10-2022 - 18:47 | 23-07-2019 - 23:15 | |
CVE-2019-2684 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthen
|
06-10-2022 - 17:54 | 23-04-2019 - 19:32 | |
CVE-2019-2422 | 2.6 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker
|
06-10-2022 - 17:52 | 16-01-2019 - 19:30 | |
CVE-2018-16881 | 5.0 |
A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.
|
06-10-2022 - 16:13 | 25-01-2019 - 18:29 | |
CVE-2020-0549 | 2.1 |
Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
|
05-10-2022 - 20:46 | 28-01-2020 - 01:15 | |
CVE-2015-4864 | 3.5 |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
|
20-09-2022 - 20:30 | 21-10-2015 - 23:59 | |
CVE-2014-3470 | 4.3 |
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereferen
|
16-09-2022 - 19:54 | 05-06-2014 - 21:55 | |
CVE-2020-8617 | 4.3 |
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local se
|
09-09-2022 - 17:47 | 19-05-2020 - 14:15 | |
CVE-2018-1312 | 6.8 |
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication con
|
07-09-2022 - 17:45 | 26-03-2018 - 15:29 | |
CVE-2016-5387 | 6.8 |
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app
|
07-09-2022 - 17:40 | 19-07-2016 - 02:00 | |
CVE-2016-8743 | 5.0 |
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in
|
07-09-2022 - 17:39 | 27-07-2017 - 21:29 | |
CVE-2014-3581 | 5.0 |
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP
|
07-09-2022 - 17:34 | 10-10-2014 - 10:55 | |
CVE-2020-2812 | 4.0 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
|
29-08-2022 - 21:00 | 15-04-2020 - 14:15 | |
CVE-2015-0432 | 4.0 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
|
29-08-2022 - 20:57 | 21-01-2015 - 19:59 | |
CVE-2017-3651 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileg
|
29-08-2022 - 20:52 | 08-08-2017 - 15:29 | |
CVE-2014-6559 | 4.3 |
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
|
29-08-2022 - 20:50 | 15-10-2014 - 22:55 | |
CVE-2020-14550 | 3.5 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with net
|
29-08-2022 - 20:48 | 15-07-2020 - 18:15 | |
CVE-2015-7540 | 5.0 |
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via cra
|
29-08-2022 - 20:44 | 29-12-2015 - 22:59 | |
CVE-2018-1139 | 4.3 |
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between
|
29-08-2022 - 20:43 | 22-08-2018 - 14:29 | |
CVE-2017-15275 | 5.0 |
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
|
29-08-2022 - 20:43 | 27-11-2017 - 22:29 | |
CVE-2017-2619 | 6.0 |
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
|
29-08-2022 - 20:20 | 12-03-2018 - 15:29 | |
CVE-2016-2118 | 6.8 |
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
|
29-08-2022 - 20:20 | 12-04-2016 - 23:59 | |
CVE-2016-2119 | 6.8 |
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSI
|
29-08-2022 - 20:20 | 07-07-2016 - 15:59 | |
CVE-2015-7560 | 4.0 |
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then u
|
29-08-2022 - 20:03 | 13-03-2016 - 22:59 | |
CVE-2019-3880 | 5.5 |
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation
|
29-08-2022 - 20:02 | 09-04-2019 - 16:29 | |
CVE-2017-3738 | 4.3 |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
|
19-08-2022 - 11:49 | 07-12-2017 - 16:29 | |
CVE-2019-1559 | 4.3 |
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
|
19-08-2022 - 11:14 | 27-02-2019 - 23:29 | |
CVE-2019-2481 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged a
|
19-08-2022 - 09:06 | 16-01-2019 - 19:30 | |
CVE-2014-0224 | 5.8 |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
|
16-08-2022 - 13:30 | 05-06-2014 - 21:55 | |
CVE-2015-3416 | 7.5 |
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-b
|
16-08-2022 - 13:28 | 24-04-2015 - 17:59 | |
CVE-2016-5386 | 6.8 |
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi
|
16-08-2022 - 13:17 | 19-07-2016 - 02:00 | |
CVE-2017-3731 | 5.0 |
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can
|
16-08-2022 - 13:16 | 04-05-2017 - 19:29 | |
CVE-2017-7494 | 10.0 |
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
|
16-08-2022 - 13:02 | 30-05-2017 - 18:29 | |
CVE-2020-12352 | 3.3 |
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
|
12-08-2022 - 18:28 | 23-11-2020 - 17:15 | |
CVE-2020-10531 | 6.8 |
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
|
12-08-2022 - 18:28 | 12-03-2020 - 19:15 | |
CVE-2019-2698 | 6.8 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protoc
|
12-08-2022 - 18:03 | 23-04-2019 - 19:32 | |
CVE-2019-2455 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attac
|
04-08-2022 - 20:25 | 16-01-2019 - 19:30 | |
CVE-2014-8964 | 5.0 |
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
|
04-08-2022 - 19:58 | 16-12-2014 - 18:59 | |
CVE-2020-11524 | 6.0 |
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
|
30-07-2022 - 03:38 | 15-05-2020 - 17:15 | |
CVE-2019-15903 | 5.0 |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-r
|
28-07-2022 - 11:23 | 04-09-2019 - 06:15 | |
CVE-2019-9636 | 5.0 |
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a
|
25-07-2022 - 18:15 | 08-03-2019 - 21:29 | |
CVE-2020-7595 | 5.0 |
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
25-07-2022 - 18:15 | 21-01-2020 - 23:15 | |
CVE-2020-9484 | 4.4 |
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
|
25-07-2022 - 18:15 | 20-05-2020 - 19:15 | |
CVE-2018-18074 | 5.0 |
The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
|
25-07-2022 - 18:15 | 09-10-2018 - 17:29 | |
CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
CVE-2019-0220 | 5.0 |
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions
|
25-07-2022 - 18:15 | 11-06-2019 - 21:29 | |
CVE-2020-6820 | 6.8 |
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR
|
12-07-2022 - 17:42 | 24-04-2020 - 16:15 | |
CVE-2016-3471 | 6.2 |
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
|
05-07-2022 - 18:58 | 21-07-2016 - 10:12 | |
CVE-2020-2830 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthe
|
30-06-2022 - 20:07 | 15-04-2020 - 14:15 | |
CVE-2019-9948 | 6.4 |
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call
|
30-06-2022 - 17:14 | 23-03-2019 - 18:29 | |
CVE-2018-2973 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unau
|
27-06-2022 - 17:34 | 18-07-2018 - 13:29 | |
CVE-2018-3183 | 6.8 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
|
27-06-2022 - 17:33 | 17-10-2018 - 01:31 | |
CVE-2018-3214 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
|
27-06-2022 - 17:27 | 17-10-2018 - 01:31 | |
CVE-2017-9287 | 4.0 |
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
|
13-06-2022 - 19:18 | 29-05-2017 - 16:29 | |
CVE-2019-14822 | 3.6 |
A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to inter
|
07-06-2022 - 18:41 | 25-11-2019 - 12:15 | |
CVE-2017-2885 | 7.5 |
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s
|
07-06-2022 - 17:25 | 24-04-2018 - 19:29 | |
CVE-2020-3902 | 4.3 |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously cr
|
02-06-2022 - 18:43 | 01-04-2020 - 18:15 | |
CVE-2015-4142 | 4.3 |
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which
|
17-05-2022 - 07:15 | 15-06-2015 - 15:59 | |
CVE-2019-2999 | 4.0 |
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul
|
13-05-2022 - 14:57 | 16-10-2019 - 18:15 | |
CVE-2018-2815 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2678 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable
|
13-05-2022 - 14:57 | 18-01-2018 - 02:29 | |
CVE-2016-5597 | 4.3 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
|
13-05-2022 - 14:57 | 25-10-2016 - 14:31 | |
CVE-2016-3610 | 9.3 |
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
|
13-05-2022 - 14:57 | 21-07-2016 - 10:14 | |
CVE-2014-4266 | 5.0 |
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
|
13-05-2022 - 14:57 | 17-07-2014 - 11:17 | |
CVE-2014-6558 | 2.6 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
|
13-05-2022 - 14:57 | 15-10-2014 - 22:55 | |
CVE-2014-4265 | 5.0 |
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
|
13-05-2022 - 14:57 | 17-07-2014 - 11:17 | |
CVE-2013-4002 | 7.1 |
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Ja
|
13-05-2022 - 14:57 | 23-07-2013 - 11:03 | |
CVE-2016-3606 | 6.8 |
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
|
13-05-2022 - 14:57 | 21-07-2016 - 10:14 | |
CVE-2016-3449 | 7.6 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
|
13-05-2022 - 14:57 | 21-04-2016 - 11:00 | |
CVE-2016-3550 | 4.3 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
|
13-05-2022 - 14:57 | 21-07-2016 - 10:13 | |
CVE-2014-2427 | 7.5 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
|
13-05-2022 - 14:57 | 16-04-2014 - 02:55 | |
CVE-2015-0412 | 7.2 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
|
13-05-2022 - 14:57 | 21-01-2015 - 19:59 | |
CVE-2016-0636 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
|
13-05-2022 - 14:57 | 24-03-2016 - 18:59 | |
CVE-2016-0494 | 10.0 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2
|
13-05-2022 - 14:57 | 21-01-2016 - 03:00 | |
CVE-2015-0488 | 5.0 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.
|
13-05-2022 - 14:57 | 16-04-2015 - 16:59 | |
CVE-2015-0491 | 10.0 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-04
|
13-05-2022 - 14:57 | 16-04-2015 - 16:59 | |
CVE-2015-0492 | 9.3 |
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484.
|
13-05-2022 - 14:57 | 16-04-2015 - 16:59 | |
CVE-2015-0413 | 1.9 |
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
|
13-05-2022 - 14:57 | 21-01-2015 - 19:59 | |
CVE-2017-3544 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit
|
13-05-2022 - 14:52 | 24-04-2017 - 19:59 | |
CVE-2015-4760 | 10.0 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
|
13-05-2022 - 14:38 | 16-07-2015 - 11:00 | |
CVE-2015-4911 | 5.0 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893.
|
13-05-2022 - 14:38 | 22-10-2015 - 00:00 | |
CVE-2019-5188 | 4.4 |
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partit
|
12-05-2022 - 20:14 | 08-01-2020 - 16:15 | |
CVE-2017-12652 | 7.5 |
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
|
12-05-2022 - 20:13 | 10-07-2019 - 15:15 | |
CVE-2020-13935 | 5.0 |
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv
|
12-05-2022 - 15:01 | 14-07-2020 - 15:15 | |
CVE-2020-12410 | 9.3 |
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
|
03-05-2022 - 13:57 | 09-07-2020 - 15:15 | |
CVE-2020-6851 | 5.0 |
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
|
29-04-2022 - 13:24 | 13-01-2020 - 06:15 | |
CVE-2020-12243 | 5.0 |
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
|
29-04-2022 - 13:24 | 28-04-2020 - 19:15 | |
CVE-2020-13114 | 5.0 |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
|
27-04-2022 - 14:45 | 21-05-2020 - 16:15 | |
CVE-2019-9755 | 4.4 |
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash
|
26-04-2022 - 20:26 | 05-06-2019 - 15:29 | |
CVE-2019-3813 | 5.4 |
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers.
|
26-04-2022 - 20:24 | 04-02-2019 - 18:29 | |
CVE-2020-1934 | 5.0 |
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
|
26-04-2022 - 17:05 | 01-04-2020 - 20:15 | |
CVE-2020-8698 | 2.1 |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
|
26-04-2022 - 16:33 | 12-11-2020 - 18:15 | |
CVE-2020-0452 | 7.5 |
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution pri
|
26-04-2022 - 16:31 | 10-11-2020 - 13:15 | |
CVE-2019-0155 | 7.2 |
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G390
|
22-04-2022 - 19:57 | 14-11-2019 - 19:15 | |
CVE-2018-10911 | 5.0 |
A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
|
22-04-2022 - 19:06 | 04-09-2018 - 14:29 | |
CVE-2019-17185 | 5.0 |
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are in
|
22-04-2022 - 19:04 | 21-03-2020 - 01:15 | |
CVE-2020-0556 | 5.8 |
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
|
22-04-2022 - 19:02 | 12-03-2020 - 21:15 | |
CVE-2020-10711 | 4.3 |
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the
|
22-04-2022 - 18:53 | 22-05-2020 - 15:15 | |
CVE-2016-8706 | 6.8 |
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
|
19-04-2022 - 20:15 | 06-01-2017 - 21:59 | |
CVE-2017-12613 | 3.6 |
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially r
|
18-04-2022 - 18:16 | 24-10-2017 - 01:29 | |
CVE-2019-9503 | 7.9 |
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will c
|
18-04-2022 - 18:09 | 16-01-2020 - 21:15 | |
CVE-2016-6797 | 5.0 |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
|
18-04-2022 - 17:56 | 10-08-2017 - 22:29 | |
CVE-2018-12020 | 5.0 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" optio
|
18-04-2022 - 17:30 | 08-06-2018 - 21:29 | |
CVE-2019-14287 | 9.0 |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !r
|
18-04-2022 - 15:45 | 17-10-2019 - 18:15 | |
CVE-2020-6814 | 7.5 |
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This
|
18-04-2022 - 15:15 | 25-03-2020 - 22:15 | |
CVE-2020-9359 | 6.8 |
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
|
12-04-2022 - 18:41 | 24-03-2020 - 14:15 | |
CVE-2019-8383 | 6.8 |
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segme
|
12-04-2022 - 18:39 | 17-02-2019 - 02:29 | |
CVE-2018-5740 | 5.0 |
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
|
12-04-2022 - 18:34 | 16-01-2019 - 20:29 | |
CVE-2019-1010238 | 7.5 |
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condit
|
12-04-2022 - 16:51 | 19-07-2019 - 17:15 | |
CVE-2019-17012 | 6.8 |
Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
|
08-04-2022 - 14:33 | 08-01-2020 - 22:15 | |
CVE-2020-26950 | 9.3 |
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
|
08-04-2022 - 11:28 | 09-12-2020 - 01:15 | |
CVE-2018-1000805 | 6.5 |
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
|
06-04-2022 - 18:35 | 08-10-2018 - 15:29 | |
CVE-2019-9210 | 6.8 |
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
|
06-04-2022 - 18:27 | 27-02-2019 - 14:29 | |
CVE-2019-9924 | 7.2 |
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
|
05-04-2022 - 20:11 | 22-03-2019 - 08:29 | |
CVE-2017-18922 | 7.5 |
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overf
|
01-04-2022 - 18:08 | 30-06-2020 - 11:15 | |
CVE-2020-10109 | 7.5 |
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipel
|
01-04-2022 - 14:03 | 12-03-2020 - 13:15 | |
CVE-2019-13734 | 6.8 |
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
29-03-2022 - 19:37 | 10-12-2019 - 22:15 | |
CVE-2020-13817 | 5.8 |
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated
|
29-03-2022 - 18:05 | 04-06-2020 - 13:15 | |
CVE-2019-20788 | 7.5 |
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
|
10-03-2022 - 14:54 | 23-04-2020 - 19:15 | |
CVE-2019-6454 | 4.9 |
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can expl
|
20-02-2022 - 06:08 | 21-03-2019 - 16:01 | |
CVE-2020-25686 | 4.3 |
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers
|
14-02-2022 - 15:29 | 20-01-2021 - 17:15 | |
CVE-2015-1774 | 6.8 |
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-
|
07-02-2022 - 16:32 | 28-04-2015 - 14:59 | |
CVE-2018-16888 | 1.9 |
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the
|
31-01-2022 - 18:37 | 14-01-2019 - 22:29 | |
CVE-2018-15688 | 5.8 |
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
|
31-01-2022 - 18:30 | 26-10-2018 - 14:29 | |
CVE-2018-1049 | 4.3 |
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will h
|
31-01-2022 - 18:26 | 16-02-2018 - 21:29 | |
CVE-2019-20386 | 2.1 |
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
|
28-01-2022 - 21:27 | 21-01-2020 - 06:15 | |
CVE-2019-18609 | 7.5 |
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header
|
01-01-2022 - 20:06 | 01-12-2019 - 22:15 | |
CVE-2020-8632 | 2.1 |
In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
|
01-01-2022 - 20:03 | 05-02-2020 - 14:15 | |
CVE-2020-6800 | 6.8 |
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to
|
01-01-2022 - 19:35 | 02-03-2020 - 05:15 | |
CVE-2020-5208 | 6.5 |
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especial
|
30-12-2021 - 21:13 | 05-02-2020 - 14:15 | |
CVE-2019-17042 | 7.5 |
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account fo
|
06-12-2021 - 18:12 | 07-10-2019 - 16:15 | |
CVE-2020-2659 | 4.3 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated at
|
06-12-2021 - 15:07 | 15-01-2020 - 17:15 | |
CVE-2019-7665 | 4.3 |
In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does n
|
30-11-2021 - 19:53 | 09-02-2019 - 16:29 | |
CVE-2019-1010305 | 4.3 |
libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm
|
30-11-2021 - 18:50 | 15-07-2019 - 15:15 | |
CVE-2020-0034 | 7.8 |
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User i
|
29-11-2021 - 17:26 | 10-03-2020 - 20:15 | |
CVE-2016-5696 | 5.8 |
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
|
17-11-2021 - 22:15 | 06-08-2016 - 20:59 | |
CVE-2015-7704 | 5.0 |
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
|
17-11-2021 - 22:15 | 07-08-2017 - 20:29 | |
CVE-2014-9296 | 5.0 |
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
|
17-11-2021 - 22:15 | 20-12-2014 - 02:59 | |
CVE-2015-8138 | 5.0 |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
|
17-11-2021 - 22:15 | 30-01-2017 - 21:59 | |
CVE-2015-3456 | 7.7 |
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_
|
17-11-2021 - 22:15 | 13-05-2015 - 18:59 | |
CVE-2020-14363 | 4.6 |
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest thre
|
04-11-2021 - 16:10 | 11-09-2020 - 18:15 | |
CVE-2019-9506 | 4.8 |
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") tha
|
04-11-2021 - 15:58 | 14-08-2019 - 17:15 | |
CVE-2019-5482 | 7.5 |
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
|
03-11-2021 - 19:34 | 16-09-2019 - 19:15 | |
CVE-2020-10754 | 4.0 |
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happe
|
02-11-2021 - 17:12 | 08-06-2020 - 18:15 | |
CVE-2018-20217 | 3.5 |
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U
|
18-10-2021 - 12:03 | 26-12-2018 - 21:29 | |
CVE-2018-11439 | 4.3 |
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
|
07-10-2021 - 19:04 | 30-05-2018 - 13:29 | |
CVE-2019-3820 | 4.6 |
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions
|
29-09-2021 - 14:24 | 06-02-2019 - 20:29 | |
CVE-2020-0570 | 4.4 |
Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access.
|
21-09-2021 - 17:58 | 14-09-2020 - 19:15 | |
CVE-2020-15707 | 4.4 |
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffe
|
13-09-2021 - 14:25 | 29-07-2020 - 18:15 | |
CVE-2017-5715 | 1.9 |
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
|
16-08-2021 - 09:15 | 04-01-2018 - 13:29 | |
CVE-2018-3639 | 2.1 |
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
|
13-08-2021 - 15:26 | 22-05-2018 - 12:29 | |
CVE-2017-7980 | 4.6 |
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display a
|
04-08-2021 - 17:15 | 25-07-2017 - 14:29 | |
CVE-2017-2620 | 9.0 |
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use t
|
04-08-2021 - 17:15 | 27-07-2018 - 19:29 | |
CVE-2016-5403 | 4.9 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
|
04-08-2021 - 17:15 | 02-08-2016 - 16:59 | |
CVE-2016-9603 | 9.0 |
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged
|
04-08-2021 - 17:15 | 27-07-2018 - 21:29 | |
CVE-2018-11806 | 7.2 |
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
|
04-08-2021 - 17:15 | 13-06-2018 - 16:29 | |
CVE-2016-3710 | 7.2 |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port
|
04-08-2021 - 17:15 | 11-05-2016 - 21:59 | |
CVE-2017-10664 | 5.0 |
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
|
04-08-2021 - 17:15 | 02-08-2017 - 19:29 | |
CVE-2018-10915 | 6.0 |
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru
|
04-08-2021 - 17:14 | 09-08-2018 - 20:29 | |
CVE-2020-16044 | 6.8 |
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
|
21-07-2021 - 11:39 | 09-02-2021 - 14:15 | |
CVE-2020-15969 | 6.8 |
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
21-07-2021 - 11:39 | 03-11-2020 - 03:15 | |
CVE-2020-15646 | 4.3 |
If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a s
|
21-07-2021 - 11:39 | 08-10-2020 - 14:15 | |
CVE-2020-6825 | 7.5 |
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of t
|
21-07-2021 - 11:39 | 24-04-2020 - 16:15 | |
CVE-2020-6831 | 7.5 |
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
|
21-07-2021 - 11:39 | 26-05-2020 - 18:15 | |
CVE-2020-6514 | 4.3 |
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
|
21-07-2021 - 11:39 | 22-07-2020 - 17:15 | |
CVE-2020-8450 | 7.5 |
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
|
21-07-2021 - 11:39 | 04-02-2020 - 20:15 | |
CVE-2017-5461 | 7.5 |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i
|
20-07-2021 - 23:15 | 11-05-2017 - 01:29 | |
CVE-2018-0739 | 4.3 |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
|
20-07-2021 - 23:15 | 27-03-2018 - 21:29 | |
CVE-2015-0254 | 7.5 |
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
|
20-07-2021 - 23:15 | 09-03-2015 - 14:59 | |
CVE-2016-3092 | 7.8 |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
|
17-07-2021 - 08:15 | 04-07-2016 - 22:59 | |
CVE-2014-3917 | 3.3 |
kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a lar
|
15-07-2021 - 19:16 | 05-06-2014 - 17:55 | |
CVE-2018-11784 | 4.3 |
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause
|
13-07-2021 - 17:15 | 04-10-2018 - 13:29 | |
CVE-2018-10689 | 4.3 |
blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the
|
08-07-2021 - 07:15 | 03-05-2018 - 07:29 | |
CVE-2015-7236 | 5.0 |
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
|
07-07-2021 - 14:04 | 01-10-2015 - 20:59 | |
CVE-2019-12779 | 6.6 |
libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.
|
03-07-2021 - 05:15 | 07-06-2019 - 20:29 | |
CVE-2017-18189 | 5.0 |
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.
|
24-06-2021 - 15:16 | 15-02-2018 - 10:29 | |
CVE-2017-1000061 | 5.8 |
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
|
14-06-2021 - 18:15 | 17-07-2017 - 13:18 | |
CVE-2016-2518 | 5.0 |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
|
10-06-2021 - 13:15 | 30-01-2017 - 21:59 | |
CVE-2018-3665 | 4.7 |
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
|
09-06-2021 - 16:24 | 21-06-2018 - 20:29 | |
CVE-2017-9798 | 5.0 |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
|
06-06-2021 - 11:15 | 18-09-2017 - 15:29 | |
CVE-2017-9788 | 6.4 |
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial ke
|
06-06-2021 - 11:15 | 13-07-2017 - 16:29 | |
CVE-2018-17199 | 5.0 |
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session
|
06-06-2021 - 11:15 | 30-01-2019 - 22:29 | |
CVE-2015-3185 | 4.3 |
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote
|
06-06-2021 - 11:15 | 20-07-2015 - 23:59 | |
CVE-2020-11985 | 4.3 |
IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
|
06-06-2021 - 11:15 | 07-08-2020 - 16:15 | |
CVE-2020-1935 | 5.8 |
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
|
04-05-2021 - 19:19 | 24-02-2020 - 22:15 | |
CVE-2019-0161 | 2.1 |
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
|
29-04-2021 - 22:15 | 27-03-2019 - 20:29 | |
CVE-2018-14682 | 6.8 |
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
|
26-04-2021 - 11:45 | 28-07-2018 - 23:29 | |
CVE-2014-3677 | 7.5 |
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.
|
07-04-2021 - 13:58 | 22-10-2014 - 14:55 | |
CVE-2020-8112 | 6.8 |
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
|
02-04-2021 - 12:15 | 28-01-2020 - 18:15 | |
CVE-2019-14850 | 2.6 |
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to th
|
24-03-2021 - 18:05 | 18-03-2021 - 19:15 | |
CVE-2020-5260 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from se
|
19-03-2021 - 18:21 | 14-04-2020 - 23:15 | |
CVE-2020-11945 | 7.5 |
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a s
|
17-03-2021 - 12:40 | 23-04-2020 - 15:15 | |
CVE-2020-14803 | 5.0 |
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol
|
24-02-2021 - 21:42 | 21-10-2020 - 15:15 | |
CVE-2017-1000050 | 5.0 |
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
|
22-02-2021 - 14:20 | 17-07-2017 - 13:18 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
19-02-2021 - 17:22 | 08-01-2020 - 20:15 | |
CVE-2019-17007 | 5.0 |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
|
19-02-2021 - 16:58 | 22-10-2020 - 21:15 | |
CVE-2020-12663 | 5.0 |
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
|
17-02-2021 - 20:58 | 19-05-2020 - 14:15 | |
CVE-2020-8608 | 6.8 |
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
|
14-02-2021 - 03:50 | 06-02-2020 - 17:15 | |
CVE-2020-7039 | 6.8 |
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute
|
14-02-2021 - 03:50 | 16-01-2020 - 23:15 | |
CVE-2018-17095 | 6.8 |
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
|
09-02-2021 - 15:08 | 16-09-2018 - 21:29 | |
CVE-2015-8631 | 4.0 |
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL pr
|
02-02-2021 - 19:15 | 13-02-2016 - 02:59 | |
CVE-2018-7456 | 4.3 |
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.
|
29-01-2021 - 20:15 | 24-02-2018 - 06:29 | |
CVE-2020-35113 | 6.8 |
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
|
12-01-2021 - 19:15 | 07-01-2021 - 14:15 | |
CVE-2019-12155 | 5.0 |
interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference.
|
30-12-2020 - 20:15 | 24-05-2019 - 16:29 | |
CVE-2020-25712 | 4.6 |
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ava
|
16-12-2020 - 21:42 | 15-12-2020 - 17:15 | |
CVE-2020-26970 | 9.3 |
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploita
|
10-12-2020 - 18:52 | 09-12-2020 - 01:15 | |
CVE-2020-26968 | 9.3 |
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. T
|
10-12-2020 - 16:19 | 09-12-2020 - 01:15 | |
CVE-2020-29599 | None |
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible
|
07-12-2020 - 20:15 | 07-12-2020 - 20:15 | |
CVE-2020-10772 | 5.0 |
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, e
|
03-12-2020 - 21:14 | 27-11-2020 - 18:15 | |
CVE-2018-13259 | 7.5 |
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
|
01-12-2020 - 07:15 | 05-09-2018 - 08:29 | |
CVE-2017-5848 | 5.0 |
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
|
20-11-2020 - 18:59 | 09-02-2017 - 15:59 | |
CVE-2016-6489 | 5.0 |
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
|
16-11-2020 - 20:20 | 14-04-2017 - 18:59 | |
CVE-2014-3469 | 5.0 |
The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.
|
16-11-2020 - 14:24 | 05-06-2014 - 20:55 | |
CVE-2018-5950 | 4.3 |
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
|
10-11-2020 - 19:39 | 23-01-2018 - 16:29 | |
CVE-2017-5898 | 2.1 |
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large A
|
10-11-2020 - 18:55 | 15-03-2017 - 19:59 | |
CVE-2018-7858 | 2.1 |
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when up
|
10-11-2020 - 18:54 | 12-03-2018 - 21:29 | |
CVE-2017-15289 | 2.1 |
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
|
10-11-2020 - 18:53 | 16-10-2017 - 18:29 | |
CVE-2020-14352 | 8.5 |
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the
|
09-11-2020 - 14:28 | 30-08-2020 - 15:15 | |
CVE-2019-8696 | 6.5 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execu
|
30-10-2020 - 02:22 | 27-10-2020 - 20:15 | |
CVE-2018-19662 | 5.8 |
An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.
|
29-10-2020 - 19:15 | 29-11-2018 - 08:29 | |
CVE-2017-9524 | 5.0 |
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initi
|
29-10-2020 - 17:24 | 06-07-2017 - 16:29 | |
CVE-2017-13725 | 7.5 |
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
|
28-10-2020 - 19:28 | 14-09-2017 - 06:29 | |
CVE-2018-7730 | 4.3 |
An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.
|
26-10-2020 - 12:17 | 06-03-2018 - 18:29 | |
CVE-2014-6055 | 6.5 |
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) d
|
23-10-2020 - 13:15 | 30-09-2014 - 16:55 | |
CVE-2018-15127 | 7.5 |
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
|
23-10-2020 - 13:15 | 19-12-2018 - 16:29 | |
CVE-2018-7225 | 7.5 |
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
|
23-10-2020 - 13:15 | 19-02-2018 - 15:29 | |
CVE-2018-10583 | 5.0 |
An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg with
|
21-10-2020 - 13:15 | 01-05-2018 - 16:29 | |
CVE-2017-9800 | 7.5 |
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user
|
20-10-2020 - 22:15 | 11-08-2017 - 21:29 | |
CVE-2019-5436 | 4.6 |
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
|
20-10-2020 - 22:15 | 28-05-2019 - 19:29 | |
CVE-2019-6477 | 5.0 |
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resourc
|
20-10-2020 - 12:15 | 26-11-2019 - 16:15 | |
CVE-2018-5741 | 4.0 |
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client,
|
20-10-2020 - 12:15 | 16-01-2019 - 20:29 | |
CVE-2019-3827 | 3.3 |
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can
|
19-10-2020 - 18:06 | 25-03-2019 - 18:29 | |
CVE-2019-15695 | 6.5 |
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from
|
16-10-2020 - 20:00 | 26-12-2019 - 16:15 | |
CVE-2019-14817 | 6.8 |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could dis
|
16-10-2020 - 13:21 | 03-09-2019 - 16:15 | |
CVE-2019-3839 | 6.8 |
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o
|
15-10-2020 - 14:31 | 16-05-2019 - 19:29 | |
CVE-2019-3838 | 4.3 |
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons
|
15-10-2020 - 14:05 | 25-03-2019 - 19:29 | |
CVE-2018-5748 | 5.0 |
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
|
15-10-2020 - 13:28 | 25-01-2018 - 16:29 | |
CVE-2019-7221 | 4.6 |
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
|
15-10-2020 - 13:28 | 21-03-2019 - 16:01 | |
CVE-2019-10168 | 4.6 |
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will ex
|
15-10-2020 - 13:28 | 02-08-2019 - 13:15 | |
CVE-2017-1000366 | 7.2 |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t
|
15-10-2020 - 13:28 | 19-06-2017 - 16:29 | |
CVE-2019-14869 | 6.8 |
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating
|
09-10-2020 - 13:12 | 15-11-2019 - 12:15 | |
CVE-2020-25637 | None |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
06-10-2020 - 14:36 | 06-10-2020 - 14:15 | |
CVE-2020-15669 | 6.8 |
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vu
|
02-10-2020 - 19:02 | 01-10-2020 - 19:15 | |
CVE-2019-10216 | 6.8 |
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul
|
30-09-2020 - 18:17 | 27-11-2019 - 13:15 | |
CVE-2019-10216 | 6.8 |
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that coul
|
30-09-2020 - 18:17 | 27-11-2019 - 13:15 | |
CVE-2020-14364 | 4.4 |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_tok
|
30-09-2020 - 18:15 | 31-08-2020 - 18:15 | |
CVE-2020-17507 | 5.0 |
An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
|
30-09-2020 - 18:15 | 12-08-2020 - 18:15 | |
CVE-2020-14363 | 4.6 |
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest thre
|
30-09-2020 - 18:15 | 11-09-2020 - 18:15 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
30-09-2020 - 18:15 | 08-01-2020 - 20:15 | |
CVE-2016-7076 | 7.2 |
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
|
30-09-2020 - 18:15 | 29-05-2018 - 13:29 | |
CVE-2020-14331 | 7.2 |
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local us
|
28-09-2020 - 16:15 | 15-09-2020 - 19:15 | |
CVE-2020-14385 | 4.7 |
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, o
|
28-09-2020 - 16:15 | 15-09-2020 - 22:15 | |
CVE-2020-12888 | 4.7 |
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
|
28-09-2020 - 16:15 | 15-05-2020 - 18:15 | |
CVE-2020-1472 | 9.3 |
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
|
28-09-2020 - 13:48 | 17-08-2020 - 19:15 | |
CVE-2018-19873 | 7.5 |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
|
28-09-2020 - 09:15 | 26-12-2018 - 21:29 | |
CVE-2018-19873 | 7.5 |
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
|
28-09-2020 - 09:15 | 26-12-2018 - 21:29 | |
CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
25-09-2020 - 19:15 | 12-08-2020 - 16:15 | |
CVE-2018-5407 | 1.9 |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
|
18-09-2020 - 16:58 | 15-11-2018 - 21:29 | |
CVE-2016-9401 | 2.1 |
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
|
14-09-2020 - 18:32 | 23-01-2017 - 21:59 | |
CVE-2016-5011 | 4.9 |
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot reco
|
11-09-2020 - 15:22 | 11-04-2017 - 15:59 | |
CVE-2018-14567 | 4.3 |
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201
|
10-09-2020 - 01:15 | 16-08-2018 - 20:29 | |
CVE-2018-18751 | 7.5 |
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
|
08-09-2020 - 18:15 | 29-10-2018 - 12:29 | |
CVE-2015-4916 | 5.0 |
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. Per <a href="http://www.oracle.com/technetwork/t
|
08-09-2020 - 12:30 | 22-10-2015 - 00:00 | |
CVE-2016-2775 | 4.3 |
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
|
25-08-2020 - 20:18 | 19-07-2016 - 22:59 | |
CVE-2019-9824 | 2.1 |
tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 uses uninitialized data in an snprintf call, leading to Information disclosure.
|
24-08-2020 - 17:37 | 03-06-2019 - 21:29 | |
CVE-2019-9813 | 6.8 |
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
|
24-08-2020 - 17:37 | 26-04-2019 - 17:29 | |
CVE-2019-9854 | 6.8 |
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Script
|
24-08-2020 - 17:37 | 06-09-2019 - 19:15 | |
CVE-2019-6778 | 4.6 |
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.
|
24-08-2020 - 17:37 | 21-03-2019 - 16:01 | |
CVE-2019-6133 | 4.4 |
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendin
|
24-08-2020 - 17:37 | 11-01-2019 - 14:29 | |
CVE-2019-18197 | 5.1 |
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be
|
24-08-2020 - 17:37 | 18-10-2019 - 21:15 | |
CVE-2018-19519 | 4.3 |
In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
|
24-08-2020 - 17:37 | 25-11-2018 - 20:29 | |
CVE-2018-5345 | 6.8 |
A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.
|
24-08-2020 - 17:37 | 12-01-2018 - 00:29 | |
CVE-2018-19115 | 7.5 |
keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimi
|
24-08-2020 - 17:37 | 08-11-2018 - 20:29 | |
CVE-2019-17546 | 6.8 |
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
|
24-08-2020 - 17:37 | 14-10-2019 - 02:15 | |
CVE-2019-8308 | 4.4 |
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
|
24-08-2020 - 17:37 | 12-02-2019 - 23:29 | |
CVE-2018-7566 | 4.6 |
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
|
24-08-2020 - 17:37 | 30-03-2018 - 21:29 | |
CVE-2018-6485 | 7.5 |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
|
24-08-2020 - 17:37 | 01-02-2018 - 14:29 | |
CVE-2019-9956 | 6.8 |
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
|
24-08-2020 - 17:37 | 24-03-2019 - 00:29 | |
CVE-2019-5953 | 7.5 |
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
|
24-08-2020 - 17:37 | 17-05-2019 - 16:29 | |
CVE-2018-7418 | 5.0 |
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.
|
24-08-2020 - 17:37 | 23-02-2018 - 22:29 | |
CVE-2019-2821 | 2.6 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to comp
|
24-08-2020 - 17:37 | 23-07-2019 - 23:15 | |
CVE-2018-18498 | 7.5 |
A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird
|
24-08-2020 - 17:37 | 28-02-2019 - 18:29 | |
CVE-2018-18311 | 7.5 |
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
|
24-08-2020 - 17:37 | 07-12-2018 - 21:29 | |
CVE-2019-12749 | 3.6 |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference
|
24-08-2020 - 17:37 | 11-06-2019 - 17:29 | |
CVE-2019-14378 | 6.5 |
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
|
24-08-2020 - 17:37 | 29-07-2019 - 11:15 | |
CVE-2018-17456 | 7.5 |
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has
|
24-08-2020 - 17:37 | 06-10-2018 - 14:29 | |
CVE-2018-16542 | 4.3 |
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
|
24-08-2020 - 17:37 | 05-09-2018 - 18:29 | |
CVE-2018-13139 | 6.8 |
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be trigger
|
24-08-2020 - 17:37 | 04-07-2018 - 14:29 | |
CVE-2018-12327 | 7.5 |
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet
|
24-08-2020 - 17:37 | 20-06-2018 - 14:29 | |
CVE-2018-12384 | 4.3 |
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3
|
24-08-2020 - 17:37 | 29-04-2019 - 15:29 | |
CVE-2018-12393 | 5.0 |
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bou
|
24-08-2020 - 17:37 | 28-02-2019 - 18:29 | |
CVE-2019-11091 | 4.7 |
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
24-08-2020 - 17:37 | 30-05-2019 - 16:29 | |
CVE-2018-12015 | 6.4 |
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
|
24-08-2020 - 17:37 | 07-06-2018 - 13:29 | |
CVE-2018-1000116 | 7.5 |
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
|
24-08-2020 - 17:37 | 07-03-2018 - 14:29 | |
CVE-2019-0816 | 1.9 |
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.
|
24-08-2020 - 17:37 | 09-04-2019 - 03:29 | |
CVE-2019-0117 | 2.1 |
Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families; Intel(R) Xeon(R) E-2100 & E-2200 Processor Families
|
24-08-2020 - 17:37 | 14-11-2019 - 20:15 | |
CVE-2019-1000020 | 4.3 |
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, rea
|
24-08-2020 - 17:37 | 04-02-2019 - 21:29 | |
CVE-2019-8325 | 5.0 |
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)
|
19-08-2020 - 19:01 | 17-06-2019 - 19:15 | |
CVE-2020-11078 | 4.3 |
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httpli
|
19-08-2020 - 18:56 | 20-05-2020 - 16:15 | |
CVE-2019-15239 | 7.2 |
In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue tha
|
18-08-2020 - 15:05 | 20-08-2019 - 08:15 | |
CVE-2016-8864 | 5.0 |
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive
|
17-08-2020 - 17:44 | 02-11-2016 - 17:59 | |
CVE-2014-4667 | 5.0 |
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
|
14-08-2020 - 18:02 | 03-07-2014 - 04:22 | |
CVE-2014-3615 | 2.1 |
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
|
11-08-2020 - 15:49 | 01-11-2014 - 23:55 | |
CVE-2018-1000852 | 6.4 |
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server c
|
07-08-2020 - 17:31 | 20-12-2018 - 15:29 | |
CVE-2020-14019 | 4.6 |
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
|
07-08-2020 - 12:15 | 19-06-2020 - 11:15 | |
CVE-2018-14498 | 4.3 |
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is o
|
31-07-2020 - 21:15 | 07-03-2019 - 23:29 | |
CVE-2018-13347 | 7.5 |
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
|
31-07-2020 - 13:15 | 06-07-2018 - 00:29 | |
CVE-2017-6519 | 6.4 |
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leaka
|
29-07-2020 - 12:15 | 01-05-2017 - 01:59 | |
CVE-2019-9631 | 7.5 |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
|
23-07-2020 - 12:15 | 08-03-2019 - 05:29 | |
CVE-2019-19338 | 2.1 |
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a hos
|
21-07-2020 - 17:17 | 13-07-2020 - 17:15 | |
CVE-2016-6814 | 7.5 |
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
|
15-07-2020 - 03:15 | 18-01-2018 - 18:29 | |
CVE-2019-13345 | 4.3 |
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
|
11-07-2020 - 00:15 | 05-07-2019 - 16:15 | |
CVE-2020-5312 | 7.5 |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
|
10-07-2020 - 17:09 | 03-01-2020 - 01:15 | |
CVE-2016-0764 | 2.1 |
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensiti
|
01-07-2020 - 14:13 | 17-07-2017 - 13:18 | |
CVE-2018-6541 | 4.3 |
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service
|
28-06-2020 - 15:15 | 02-02-2018 - 09:29 | |
CVE-2020-12654 | 4.3 |
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
|
16-06-2020 - 20:15 | 05-05-2020 - 05:15 | |
CVE-2019-13232 | 2.1 |
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
|
16-06-2020 - 18:25 | 04-07-2019 - 13:15 | |
CVE-2020-10703 | 4.0 |
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created witho
|
16-06-2020 - 03:15 | 02-06-2020 - 13:15 | |
CVE-2020-11008 | 5.0 |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open fo
|
22-05-2020 - 19:15 | 21-04-2020 - 19:15 | |
CVE-2018-14355 | 5.0 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
|
20-05-2020 - 01:19 | 17-07-2018 - 17:29 | |
CVE-2018-14362 | 7.5 |
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.
|
19-05-2020 - 17:19 | 17-07-2018 - 17:29 | |
CVE-2017-17833 | 7.5 |
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
|
15-05-2020 - 00:15 | 23-04-2018 - 18:29 | |
CVE-2018-5683 | 2.1 |
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
|
14-05-2020 - 14:14 | 23-01-2018 - 18:29 | |
CVE-2018-13796 | 4.3 |
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
|
06-05-2020 - 20:15 | 12-07-2018 - 18:29 | |
CVE-2018-1116 | 3.6 |
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other
|
05-05-2020 - 16:05 | 10-07-2018 - 19:29 | |
CVE-2018-11235 | 6.8 |
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
|
02-05-2020 - 00:15 | 30-05-2018 - 04:29 | |
CVE-2018-1336 | 5.0 |
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
|
15-04-2020 - 21:15 | 02-08-2018 - 14:29 | |
CVE-2018-19208 | 4.3 |
In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h.
|
14-04-2020 - 15:27 | 12-11-2018 - 19:29 | |
CVE-2019-3696 | 4.4 |
A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module f
|
24-03-2020 - 14:00 | 03-03-2020 - 11:15 | |
CVE-2016-1000111 | 5.0 |
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote
|
13-03-2020 - 20:04 | 11-03-2020 - 20:15 | |
CVE-2015-8710 | 7.5 |
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H
|
26-02-2020 - 19:19 | 11-04-2016 - 21:59 | |
CVE-2014-4607 | 6.8 |
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
|
14-02-2020 - 15:26 | 12-02-2020 - 14:15 | |
CVE-2018-7159 | 5.0 |
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Conte
|
13-02-2020 - 15:55 | 17-05-2018 - 14:29 | |
CVE-2019-18634 | 4.6 |
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upst
|
07-02-2020 - 17:15 | 29-01-2020 - 18:15 | |
CVE-2017-9462 | 9.0 |
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
|
05-02-2020 - 18:32 | 06-06-2017 - 21:29 | |
CVE-2019-14867 | 6.8 |
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data.
|
05-02-2020 - 00:15 | 27-11-2019 - 09:15 | |
CVE-2015-0244 | 7.5 |
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafte
|
31-01-2020 - 20:18 | 27-01-2020 - 16:15 | |
CVE-2020-2655 | 5.8 |
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to comprom
|
28-01-2020 - 13:15 | 15-01-2020 - 17:15 | |
CVE-2016-3120 | 4.0 |
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows r
|
21-01-2020 - 15:47 | 01-08-2016 - 02:59 | |
CVE-2014-9423 | 5.0 |
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attacker
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2015-2694 | 5.8 |
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1
|
21-01-2020 - 15:46 | 25-05-2015 - 19:59 | |
CVE-2019-12420 | 5.0 |
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
|
13-01-2020 - 19:15 | 12-12-2019 - 23:15 | |
CVE-2014-5118 | 2.1 |
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
|
10-01-2020 - 14:15 | 18-11-2019 - 23:15 | |
CVE-2018-5733 | 5.0 |
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4
|
09-01-2020 - 21:08 | 16-01-2019 - 20:29 | |
CVE-2017-3144 | 5.0 |
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older ve
|
09-01-2020 - 21:07 | 16-01-2019 - 20:29 | |
CVE-2016-2774 | 7.1 |
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establis
|
08-01-2020 - 17:17 | 09-03-2016 - 15:59 | |
CVE-2016-6198 | 4.9 |
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related t
|
27-12-2019 - 16:08 | 06-08-2016 - 20:59 | |
CVE-2016-5444 | 4.3 |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related
|
27-12-2019 - 16:08 | 21-07-2016 - 10:14 | |
CVE-2016-7166 | 4.3 |
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
|
27-12-2019 - 16:08 | 21-09-2016 - 14:25 | |
CVE-2015-8000 | 5.0 |
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
|
27-12-2019 - 16:08 | 16-12-2015 - 15:59 | |
CVE-2016-4556 | 5.0 |
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. <a href="http://cwe.mitre.org/data/definitions/415.html">
|
27-12-2019 - 16:08 | 10-05-2016 - 19:59 | |
CVE-2015-6248 | 4.3 |
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application cras
|
27-12-2019 - 16:08 | 24-08-2015 - 23:59 | |
CVE-2015-3455 | 2.6 |
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle atta
|
27-12-2019 - 16:08 | 18-05-2015 - 15:59 | |
CVE-2015-4643 | 7.5 |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov
|
27-12-2019 - 16:08 | 16-05-2016 - 10:59 | |
CVE-2016-2776 | 7.8 |
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted
|
27-12-2019 - 16:08 | 28-09-2016 - 10:59 | |
CVE-2018-5743 | 4.3 |
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the co
|
18-12-2019 - 18:15 | 09-10-2019 - 16:15 | |
CVE-2019-18397 | 6.8 |
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user
|
18-12-2019 - 04:15 | 13-11-2019 - 14:15 | |
CVE-2018-18384 | 4.3 |
Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12.
|
16-12-2019 - 20:24 | 16-10-2018 - 16:50 | |
CVE-2014-9636 | 5.0 |
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
|
16-12-2019 - 20:24 | 06-02-2015 - 15:59 | |
CVE-2017-14604 | 4.0 |
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command.
|
11-12-2019 - 14:12 | 20-09-2017 - 08:29 | |
CVE-2015-3167 | 5.0 |
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via
|
22-11-2019 - 15:18 | 20-11-2019 - 21:15 | |
CVE-2018-5742 | 4.3 |
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other
|
07-11-2019 - 18:33 | 30-10-2019 - 14:15 | |
CVE-2019-6470 | 5.0 |
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function
|
06-11-2019 - 21:52 | 01-11-2019 - 23:15 | |
CVE-2019-18408 | 5.0 |
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
|
01-11-2019 - 11:15 | 24-10-2019 - 14:15 | |
CVE-2018-8945 | 4.3 |
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.
|
31-10-2019 - 01:15 | 22-03-2018 - 21:29 | |
CVE-2018-15127 | 7.5 |
LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution
|
31-10-2019 - 01:15 | 19-12-2018 - 16:29 | |
CVE-2014-9365 | 5.8 |
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify tha
|
25-10-2019 - 11:53 | 12-12-2014 - 11:59 | |
CVE-2014-7185 | 6.4 |
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
|
25-10-2019 - 11:53 | 08-10-2014 - 17:55 | |
CVE-2019-17400 | 5.0 |
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
|
23-10-2019 - 19:38 | 21-10-2019 - 23:15 | |
CVE-2018-14665 | 7.2 |
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate the
|
22-10-2019 - 23:15 | 25-10-2018 - 20:29 | |
CVE-2018-18066 | 5.0 |
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
|
16-10-2019 - 18:15 | 08-10-2018 - 18:29 | |
CVE-2019-3890 | 5.8 |
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the diffe
|
09-10-2019 - 23:49 | 01-08-2019 - 14:15 | |
CVE-2018-5379 | 7.5 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an
|
09-10-2019 - 23:41 | 19-02-2018 - 13:29 | |
CVE-2018-1089 | 5.0 |
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-sl
|
09-10-2019 - 23:38 | 09-05-2018 - 15:29 | |
CVE-2018-1106 | 2.1 |
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a
|
09-10-2019 - 23:38 | 23-04-2018 - 20:29 | |
CVE-2018-1113 | 4.6 |
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell bein
|
09-10-2019 - 23:38 | 03-07-2018 - 01:29 | |
CVE-2018-1080 | 6.8 |
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz
|
09-10-2019 - 23:38 | 03-07-2018 - 01:29 | |
CVE-2018-1086 | 5.0 |
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote att
|
09-10-2019 - 23:38 | 12-04-2018 - 16:29 | |
CVE-2018-14638 | 5.0 |
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
|
09-10-2019 - 23:35 | 14-09-2018 - 19:29 | |
CVE-2018-14648 | 7.8 |
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
|
09-10-2019 - 23:35 | 28-09-2018 - 13:29 | |
CVE-2018-14646 | 4.9 |
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assi
|
09-10-2019 - 23:35 | 26-11-2018 - 19:29 | |
CVE-2018-10852 | 5.0 |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
|
09-10-2019 - 23:33 | 26-06-2018 - 14:29 | |
CVE-2018-10873 | 6.5 |
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its p
|
09-10-2019 - 23:33 | 17-08-2018 - 12:29 | |
CVE-2017-7518 | 4.6 |
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/pr
|
09-10-2019 - 23:29 | 30-07-2018 - 15:29 | |
CVE-2017-2640 | 7.5 |
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
|
09-10-2019 - 23:27 | 27-07-2018 - 18:29 | |
CVE-2017-2668 | 4.3 |
389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bin
|
09-10-2019 - 23:27 | 22-06-2018 - 13:29 | |
CVE-2017-3137 | 5.0 |
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which record
|
09-10-2019 - 23:27 | 16-01-2019 - 20:29 | |
CVE-2017-3135 | 4.3 |
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3
|
09-10-2019 - 23:27 | 16-01-2019 - 20:29 | |
CVE-2017-2616 | 4.7 |
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
|
09-10-2019 - 23:26 | 27-07-2018 - 19:29 | |
CVE-2017-2590 | 5.5 |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable,
|
09-10-2019 - 23:26 | 27-07-2018 - 18:29 | |
CVE-2017-15101 | 7.5 |
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
|
09-10-2019 - 23:24 | 27-07-2018 - 20:29 | |
CVE-2017-12173 | 4.0 |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi
|
09-10-2019 - 23:22 | 27-07-2018 - 16:29 | |
CVE-2016-9575 | 6.5 |
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify p
|
09-10-2019 - 23:20 | 13-03-2018 - 13:29 | |
CVE-2016-9600 | 4.3 |
JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.
|
09-10-2019 - 23:20 | 12-03-2018 - 15:29 | |
CVE-2016-9578 | 5.0 |
A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash.
|
09-10-2019 - 23:20 | 27-07-2018 - 21:29 | |
CVE-2016-7035 | 7.2 |
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon t
|
09-10-2019 - 23:19 | 10-09-2018 - 16:29 | |
CVE-2019-11752 | 9.3 |
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.
|
04-10-2019 - 18:15 | 27-09-2019 - 18:15 | |
CVE-2018-6560 | 4.6 |
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in
|
03-10-2019 - 00:03 | 02-02-2018 - 14:29 | |
CVE-2018-18505 | 7.5 |
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created
|
03-10-2019 - 00:03 | 05-02-2019 - 21:29 | |
CVE-2018-5117 | 5.0 |
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can misle
|
03-10-2019 - 00:03 | 11-06-2018 - 21:29 | |
CVE-2017-8932 | 4.3 |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progress
|
03-10-2019 - 00:03 | 06-07-2017 - 16:29 | |
CVE-2018-6574 | 4.6 |
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc
|
03-10-2019 - 00:03 | 07-02-2018 - 21:29 | |
CVE-2018-8897 | 7.2 |
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that
|
03-10-2019 - 00:03 | 08-05-2018 - 18:29 | |
CVE-2018-19409 | 7.5 |
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
|
03-10-2019 - 00:03 | 21-11-2018 - 16:29 | |
CVE-2018-7727 | 4.3 |
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
|
03-10-2019 - 00:03 | 06-03-2018 - 17:29 | |
CVE-2018-5383 | 4.3 |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generat
|
03-10-2019 - 00:03 | 07-08-2018 - 21:29 | |
CVE-2018-5185 | 4.3 |
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
|
03-10-2019 - 00:03 | 11-06-2018 - 21:29 | |
CVE-2018-6871 | 5.0 |
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
|
03-10-2019 - 00:03 | 09-02-2018 - 06:29 | |
CVE-2017-5664 | 5.0 |
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
|
03-10-2019 - 00:03 | 06-06-2017 - 14:29 | |
CVE-2017-8386 | 6.5 |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
|
03-10-2019 - 00:03 | 01-06-2017 - 16:29 | |
CVE-2017-7547 | 4.0 |
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having
|
03-10-2019 - 00:03 | 16-08-2017 - 18:29 | |
CVE-2017-7830 | 4.3 |
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
|
03-10-2019 - 00:03 | 11-06-2018 - 21:29 | |
CVE-2017-9461 | 6.8 |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
|
03-10-2019 - 00:03 | 06-06-2017 - 21:29 | |
CVE-2017-8779 | 7.8 |
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (mem
|
03-10-2019 - 00:03 | 04-05-2017 - 14:29 | |
CVE-2018-6764 | 4.6 |
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
|
03-10-2019 - 00:03 | 23-02-2018 - 17:29 | |
CVE-2017-7396 | 5.0 |
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
|
03-10-2019 - 00:03 | 01-04-2017 - 02:59 | |
CVE-2017-8422 | 7.2 |
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
|
03-10-2019 - 00:03 | 17-05-2017 - 14:29 | |
CVE-2018-16597 | 4.9 |
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
|
03-10-2019 - 00:03 | 21-09-2018 - 16:29 | |
CVE-2018-16395 | 7.5 |
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may
|
03-10-2019 - 00:03 | 16-11-2018 - 18:29 | |
CVE-2017-3143 | 4.3 |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
|
03-10-2019 - 00:03 | 16-01-2019 - 20:29 | |
CVE-2018-14526 | 3.3 |
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abu
|
03-10-2019 - 00:03 | 08-08-2018 - 19:29 | |
CVE-2018-1122 | 4.4 |
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities
|
03-10-2019 - 00:03 | 23-05-2018 - 14:29 | |
CVE-2018-12180 | 6.8 |
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
|
03-10-2019 - 00:03 | 27-03-2019 - 20:29 | |
CVE-2017-14482 | 6.8 |
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched exten
|
03-10-2019 - 00:03 | 14-09-2017 - 16:29 | |
CVE-2018-10906 | 4.6 |
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_
|
03-10-2019 - 00:03 | 24-07-2018 - 20:29 | |
CVE-2018-1061 | 5.0 |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
|
03-10-2019 - 00:03 | 19-06-2018 - 12:29 | |
CVE-2018-1000301 | 6.4 |
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
|
03-10-2019 - 00:03 | 24-05-2018 - 13:29 | |
CVE-2017-13167 | 7.2 |
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
|
03-10-2019 - 00:03 | 06-12-2017 - 14:29 | |
CVE-2017-13088 | 2.9 |
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to repl
|
03-10-2019 - 00:03 | 17-10-2017 - 13:29 | |
CVE-2018-1000001 | 7.2 |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
|
03-10-2019 - 00:03 | 31-01-2018 - 14:29 | |
CVE-2017-10987 | 5.0 |
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
|
03-10-2019 - 00:03 | 17-07-2017 - 17:29 | |
CVE-2017-0553 | 7.6 |
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process
|
03-10-2019 - 00:03 | 07-04-2017 - 22:59 | |
CVE-2017-1000083 | 6.8 |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option su
|
03-10-2019 - 00:03 | 05-09-2017 - 06:29 | |
CVE-2017-1000116 | 10.0 |
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
CVE-2017-1000117 | 6.8 |
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
CVE-2018-11782 | 4.0 |
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.
|
27-09-2019 - 15:33 | 26-09-2019 - 16:15 | |
CVE-2019-11500 | 7.5 |
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
|
06-09-2019 - 15:15 | 29-08-2019 - 14:15 | |
CVE-2019-13638 | 9.3 |
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable sy
|
16-08-2019 - 12:15 | 26-07-2019 - 13:15 | |
CVE-2018-7225 | 7.5 |
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an
|
09-08-2019 - 23:15 | 19-02-2018 - 15:29 | |
CVE-2018-11781 | 4.6 |
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
|
06-08-2019 - 21:15 | 17-09-2018 - 14:29 | |
CVE-2019-6501 | 2.1 |
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
|
06-08-2019 - 17:15 | 21-03-2019 - 16:01 | |
CVE-2018-19044 | 3.3 |
keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a s
|
06-08-2019 - 17:15 | 08-11-2018 - 20:29 | |
CVE-2018-6790 | 5.0 |
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG eleme
|
06-08-2019 - 17:15 | 07-02-2018 - 02:29 | |
CVE-2018-9305 | 5.8 |
In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
|
06-08-2019 - 17:15 | 04-04-2018 - 21:29 | |
CVE-2018-19788 | 9.0 |
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
|
06-08-2019 - 17:15 | 03-12-2018 - 06:29 | |
CVE-2018-19199 | 7.5 |
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
|
06-08-2019 - 17:15 | 12-11-2018 - 15:29 | |
CVE-2018-16842 | 6.4 |
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
|
06-08-2019 - 17:15 | 31-10-2018 - 19:29 | |
CVE-2018-14348 | 5.5 |
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
|
06-08-2019 - 17:15 | 14-08-2018 - 18:29 | |
CVE-2018-16858 | 7.5 |
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice
|
06-08-2019 - 17:15 | 25-03-2019 - 18:29 | |
CVE-2018-17336 | 4.6 |
UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malfo
|
06-08-2019 - 17:15 | 22-09-2018 - 16:29 | |
CVE-2018-16427 | 2.1 |
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
|
06-08-2019 - 17:15 | 04-09-2018 - 00:29 | |
CVE-2018-15864 | 2.1 |
Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt ca
|
06-08-2019 - 17:15 | 25-08-2018 - 21:29 | |
CVE-2017-15112 | 2.1 |
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
|
06-08-2019 - 17:15 | 20-01-2018 - 00:29 | |
CVE-2016-10739 | 4.6 |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha
|
06-08-2019 - 17:15 | 21-01-2019 - 19:29 | |
CVE-2018-7485 | 7.5 |
The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.
|
06-08-2019 - 15:15 | 26-02-2018 - 14:29 | |
CVE-2018-4700 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this c
|
05-08-2019 - 19:15 | 05-08-2019 - 19:15 | |
CVE-2018-12697 | 5.0 |
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
|
03-08-2019 - 13:15 | 23-06-2018 - 23:29 | |
CVE-2018-1126 | 7.5 |
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
|
30-07-2019 - 13:15 | 23-05-2018 - 13:29 | |
CVE-2018-1000156 | 6.8 |
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via th
|
30-07-2019 - 10:15 | 06-04-2018 - 13:29 | |
CVE-2019-9820 | 7.5 |
A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
|
26-07-2019 - 16:15 | 23-07-2019 - 14:15 | |
CVE-2018-8780 | 7.5 |
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional director
|
21-07-2019 - 12:15 | 03-04-2018 - 22:29 | |
CVE-2013-0334 | 5.0 |
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
|
16-07-2019 - 12:21 | 31-10-2014 - 14:55 | |
CVE-2018-20815 | 7.5 |
In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.
|
02-07-2019 - 23:15 | 31-05-2019 - 22:29 | |
CVE-2019-5785 | 4.3 |
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
|
01-07-2019 - 18:32 | 27-06-2019 - 17:15 | |
CVE-2019-9796 | 7.5 |
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controll
|
26-06-2019 - 15:31 | 26-04-2019 - 17:29 | |
CVE-2019-9024 | 5.0 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2019-7524 | 7.2 |
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
|
14-06-2019 - 03:29 | 28-03-2019 - 14:29 | |
CVE-2019-12735 | 9.3 |
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
|
13-06-2019 - 21:29 | 05-06-2019 - 14:29 | |
CVE-2016-10745 | 5.0 |
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
|
06-06-2019 - 16:29 | 08-04-2019 - 13:29 | |
CVE-2018-8788 | 7.5 |
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
|
03-06-2019 - 16:29 | 29-11-2018 - 18:29 | |
CVE-2016-10245 | 4.3 |
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
|
03-06-2019 - 15:29 | 24-05-2019 - 17:29 | |
CVE-2017-1000368 | 7.2 |
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
|
29-05-2019 - 19:29 | 05-06-2017 - 16:29 | |
CVE-2018-5819 | 7.8 |
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
|
21-05-2019 - 16:29 | 20-02-2019 - 18:29 | |
CVE-2017-15134 | 5.0 |
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-sla
|
15-05-2019 - 21:29 | 01-03-2018 - 22:29 | |
CVE-2019-3863 | 6.8 |
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bound
|
14-05-2019 - 21:29 | 25-03-2019 - 18:29 | |
CVE-2019-11235 | 7.5 |
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar is
|
13-05-2019 - 18:29 | 22-04-2019 - 11:29 | |
CVE-2019-10063 | 6.8 |
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could other
|
13-05-2019 - 10:29 | 26-03-2019 - 14:29 | |
CVE-2017-3157 | 4.3 |
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections
|
08-05-2019 - 18:51 | 20-11-2017 - 20:29 | |
CVE-2019-3878 | 6.8 |
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers tha
|
07-05-2019 - 09:29 | 26-03-2019 - 18:29 | |
CVE-2016-7076 | 7.2 |
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec
|
06-05-2019 - 21:29 | 29-05-2018 - 13:29 | |
CVE-2019-3840 | 3.5 |
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
|
05-05-2019 - 05:29 | 27-03-2019 - 13:29 | |
CVE-2018-10360 | 4.3 |
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
|
02-05-2019 - 14:40 | 11-06-2018 - 10:29 | |
CVE-2018-13988 | 4.3 |
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
|
25-04-2019 - 14:16 | 25-07-2018 - 23:29 | |
CVE-2014-8119 | 5.0 |
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
|
22-04-2019 - 17:48 | 29-12-2017 - 22:29 | |
CVE-2016-5766 | 6.8 |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
22-04-2019 - 17:48 | 07-08-2016 - 10:59 | |
CVE-2018-14618 | 10.0 |
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocat
|
22-04-2019 - 17:48 | 05-09-2018 - 19:29 | |
CVE-2016-2150 | 3.6 |
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
|
22-04-2019 - 17:48 | 09-06-2016 - 16:59 | |
CVE-2015-3636 | 4.9 |
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and sy
|
22-04-2019 - 17:48 | 06-08-2015 - 01:59 | |
CVE-2014-3560 | 7.9 |
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the u
|
22-04-2019 - 17:48 | 06-08-2014 - 18:55 | |
CVE-2014-5177 | 1.2 |
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the
|
22-04-2019 - 17:48 | 03-08-2014 - 18:55 | |
CVE-2014-0249 | 3.3 |
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
|
22-04-2019 - 17:48 | 11-06-2014 - 14:55 | |
CVE-2018-6952 | 5.0 |
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
|
17-04-2019 - 20:29 | 13-02-2018 - 19:29 | |
CVE-2015-9262 | 7.5 |
_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow.
|
16-04-2019 - 19:08 | 01-08-2018 - 23:29 | |
CVE-2017-7674 | 4.3 |
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poi
|
15-04-2019 - 16:31 | 11-08-2017 - 02:29 | |
CVE-2016-8745 | 5.0 |
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the
|
15-04-2019 - 16:30 | 10-08-2017 - 22:29 | |
CVE-2014-0227 | 6.4 |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote atta
|
15-04-2019 - 16:29 | 16-02-2015 - 00:59 | |
CVE-2014-0099 | 4.3 |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2014-0119 | 4.3 |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a
|
15-04-2019 - 16:29 | 31-05-2014 - 11:17 | |
CVE-2019-3861 | 6.4 |
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or
|
15-04-2019 - 12:31 | 25-03-2019 - 19:29 | |
CVE-2019-3862 | 6.4 |
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Servic
|
15-04-2019 - 12:31 | 21-03-2019 - 16:01 | |
CVE-2019-6978 | 7.5 |
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
|
05-04-2019 - 00:29 | 28-01-2019 - 08:29 | |
CVE-2018-10916 | 7.8 |
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirr
|
02-04-2019 - 18:29 | 01-08-2018 - 14:29 | |
CVE-2014-3490 | 7.5 |
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows
|
21-03-2019 - 14:22 | 19-08-2014 - 18:55 | |
CVE-2018-1000801 | 4.3 |
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via
|
20-03-2019 - 19:55 | 06-09-2018 - 18:29 | |
CVE-2018-0494 | 4.3 |
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
|
15-03-2019 - 01:22 | 06-05-2018 - 22:29 | |
CVE-2018-5145 | 7.5 |
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 an
|
13-03-2019 - 13:44 | 11-06-2018 - 21:29 | |
CVE-2018-5183 | 7.5 |
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5
|
13-03-2019 - 13:24 | 11-06-2018 - 21:29 | |
CVE-2017-6011 | 4.3 |
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
|
12-03-2019 - 19:43 | 16-02-2017 - 11:59 | |
CVE-2017-9776 | 6.8 |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
|
12-03-2019 - 17:27 | 22-06-2017 - 21:29 | |
CVE-2018-5146 | 6.8 |
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
|
11-03-2019 - 19:33 | 11-06-2018 - 21:29 | |
CVE-2016-8283 | 4.0 |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
|
07-03-2019 - 20:02 | 25-10-2016 - 14:31 | |
CVE-2018-16539 | 4.3 |
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
|
07-03-2019 - 15:57 | 05-09-2018 - 18:29 | |
CVE-2018-6927 | 4.6 |
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
|
06-03-2019 - 21:38 | 12-02-2018 - 19:29 | |
CVE-2018-7549 | 5.0 |
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
|
04-03-2019 - 17:21 | 27-02-2018 - 22:29 | |
CVE-2018-12397 | 3.6 |
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permissi
|
01-03-2019 - 15:00 | 28-02-2019 - 18:29 | |
CVE-2018-18499 | 4.3 |
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could all
|
01-03-2019 - 14:40 | 28-02-2019 - 18:29 | |
CVE-2016-5636 | 10.0 |
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based bu
|
09-02-2019 - 11:29 | 02-09-2016 - 14:59 | |
CVE-2016-9311 | 7.1 |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
|
24-01-2019 - 11:29 | 13-01-2017 - 16:59 | |
CVE-2018-6126 | 6.8 |
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
|
15-01-2019 - 21:50 | 09-01-2019 - 19:29 | |
CVE-2014-3215 | 6.9 |
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to
|
03-01-2019 - 17:08 | 08-05-2014 - 10:55 | |
CVE-2018-5806 | 4.3 |
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
|
28-12-2018 - 21:29 | 07-12-2018 - 22:29 | |
CVE-2018-12385 | 4.4 |
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w
|
06-12-2018 - 19:03 | 18-10-2018 - 13:29 | |
CVE-2018-12387 | 6.4 |
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as pa
|
06-12-2018 - 18:38 | 18-10-2018 - 13:29 | |
CVE-2018-17828 | 5.8 |
Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
|
28-11-2018 - 15:00 | 01-10-2018 - 08:29 | |
CVE-2018-17407 | 6.8 |
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnera
|
15-11-2018 - 16:11 | 23-09-2018 - 21:29 | |
CVE-2016-7167 | 7.5 |
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a h
|
13-11-2018 - 11:29 | 07-10-2016 - 14:59 | |
CVE-2016-7141 | 5.0 |
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file
|
13-11-2018 - 11:29 | 03-10-2016 - 21:59 | |
CVE-2017-1000257 | 6.4 |
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. l
|
13-11-2018 - 11:29 | 31-10-2017 - 21:29 | |
CVE-2018-11645 | 5.0 |
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
|
11-11-2018 - 11:29 | 01-06-2018 - 12:29 | |
CVE-2017-18201 | 7.5 |
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
|
31-10-2018 - 10:29 | 26-02-2018 - 14:29 | |
CVE-2014-9675 | 5.0 |
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
|
30-10-2018 - 16:27 | 08-02-2015 - 11:59 | |
CVE-2015-8704 | 6.8 |
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
|
30-10-2018 - 16:27 | 20-01-2016 - 15:59 | |
CVE-2016-7797 | 5.0 |
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
|
30-10-2018 - 16:27 | 24-03-2017 - 15:59 | |
CVE-2015-7552 | 9.3 |
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
|
30-10-2018 - 16:27 | 18-04-2016 - 14:59 | |
CVE-2015-8779 | 7.5 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
|
30-10-2018 - 16:27 | 19-04-2016 - 21:59 | |
CVE-2014-8564 | 5.0 |
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptograp
|
30-10-2018 - 16:27 | 13-11-2014 - 21:32 | |
CVE-2015-7545 | 7.5 |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execut
|
30-10-2018 - 16:27 | 13-04-2016 - 15:59 | |
CVE-2015-8869 | 6.4 |
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.
|
30-10-2018 - 16:27 | 13-06-2016 - 19:59 | |
CVE-2014-9273 | 4.6 |
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
|
30-10-2018 - 16:27 | 08-12-2014 - 16:59 | |
CVE-2014-8158 | 6.8 |
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
|
30-10-2018 - 16:27 | 26-01-2015 - 15:59 | |
CVE-2016-3069 | 6.8 |
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
|
30-10-2018 - 16:27 | 13-04-2016 - 16:59 | |
CVE-2015-3256 | 4.6 |
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
|
30-10-2018 - 16:27 | 26-10-2015 - 19:59 | |
CVE-2015-3622 | 4.3 |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
|
30-10-2018 - 16:27 | 12-05-2015 - 19:59 | |
CVE-2016-3190 | 5.0 |
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
|
30-10-2018 - 16:27 | 21-04-2016 - 14:59 | |
CVE-2015-3148 | 5.0 |
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
|
30-10-2018 - 16:27 | 24-04-2015 - 14:59 | |
CVE-2015-4620 | 7.8 |
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon ex
|
30-10-2018 - 16:27 | 08-07-2015 - 14:59 | |
CVE-2016-3075 | 5.0 |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
|
30-10-2018 - 16:27 | 01-06-2016 - 20:59 | |
CVE-2015-5235 | 4.3 |
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.
|
30-10-2018 - 16:27 | 09-10-2015 - 14:59 | |
CVE-2015-3225 | 5.0 |
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
|
30-10-2018 - 16:27 | 26-07-2015 - 22:59 | |
CVE-2015-1349 | 5.4 |
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon cra
|
30-10-2018 - 16:27 | 19-02-2015 - 03:01 | |
CVE-2015-1345 | 2.1 |
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
|
30-10-2018 - 16:27 | 12-02-2015 - 16:59 | |
CVE-2016-0787 | 4.3 |
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes
|
30-10-2018 - 16:27 | 13-04-2016 - 17:59 | |
CVE-2015-0255 | 6.4 |
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry r
|
30-10-2018 - 16:27 | 13-02-2015 - 15:59 | |
CVE-2016-0729 | 7.5 |
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corrupti
|
17-10-2018 - 01:29 | 07-04-2016 - 21:59 | |
CVE-2014-9028 | 7.5 |
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
|
09-10-2018 - 19:54 | 26-11-2014 - 15:59 | |
CVE-2014-9029 | 7.5 |
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based bu
|
09-10-2018 - 19:54 | 08-12-2014 - 16:59 | |
CVE-2014-7187 | 10.0 |
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deepl
|
09-10-2018 - 19:52 | 28-09-2014 - 19:55 | |
CVE-2014-1492 | 4.3 |
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
|
09-10-2018 - 19:42 | 25-03-2014 - 13:25 | |
CVE-2014-0211 | 7.5 |
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, wh
|
09-10-2018 - 19:38 | 15-05-2014 - 14:55 | |
CVE-2016-9444 | 5.0 |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
|
27-09-2018 - 10:29 | 12-01-2017 - 06:59 | |
CVE-2016-10727 | 5.0 |
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes i
|
18-09-2018 - 13:16 | 20-07-2018 - 04:29 | |
CVE-2016-3115 | 5.5 |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_
|
11-09-2018 - 10:29 | 22-03-2016 - 10:59 | |
CVE-2017-7778 | 7.5 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
|
13-08-2018 - 17:14 | 11-06-2018 - 21:29 | |
CVE-2017-7824 | 7.5 |
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Thi
|
09-08-2018 - 16:25 | 11-06-2018 - 21:29 | |
CVE-2017-5428 | 7.5 |
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second v
|
09-08-2018 - 15:27 | 11-06-2018 - 21:29 | |
CVE-2016-9905 | 6.8 |
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
|
09-08-2018 - 15:14 | 11-06-2018 - 21:29 | |
CVE-2016-9079 | 5.0 |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR <
|
09-08-2018 - 15:12 | 11-06-2018 - 21:29 | |
CVE-2018-5148 | 7.5 |
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
|
09-08-2018 - 14:26 | 11-06-2018 - 21:29 | |
CVE-2017-7848 | 5.0 |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
|
09-08-2018 - 13:41 | 11-06-2018 - 21:29 | |
CVE-2017-5410 | 7.5 |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52
|
07-08-2018 - 13:20 | 11-06-2018 - 21:29 | |
CVE-2017-7843 | 5.0 |
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple pr
|
06-08-2018 - 16:35 | 11-06-2018 - 21:29 | |
CVE-2017-7809 | 7.5 |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox E
|
03-08-2018 - 15:26 | 11-06-2018 - 21:29 | |
CVE-2017-17790 | 7.5 |
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-201
|
03-08-2018 - 01:29 | 20-12-2017 - 09:29 | |
CVE-2017-5396 | 7.5 |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
|
02-08-2018 - 19:54 | 11-06-2018 - 21:29 | |
CVE-2016-9066 | 5.0 |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
|
30-07-2018 - 13:22 | 11-06-2018 - 21:29 | |
CVE-2016-5290 | 7.5 |
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
|
30-07-2018 - 12:35 | 11-06-2018 - 21:29 | |
CVE-2018-1054 | 5.0 |
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially
|
17-07-2018 - 01:29 | 07-03-2018 - 13:29 | |
CVE-2012-6662 | 4.3 |
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope
|
14-07-2018 - 01:29 | 24-11-2014 - 16:59 | |
CVE-2014-9653 | 7.5 |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers t
|
16-06-2018 - 01:29 | 30-03-2015 - 10:59 | |
CVE-2015-3246 | 7.2 |
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the
|
20-05-2018 - 01:29 | 11-08-2015 - 14:59 | |
CVE-2016-5240 | 4.3 |
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
|
18-05-2018 - 01:29 | 27-02-2017 - 22:59 | |
CVE-2017-14496 | 7.8 |
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
|
11-05-2018 - 01:29 | 03-10-2017 - 01:29 | |
CVE-2017-7890 | 4.3 |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitia
|
04-05-2018 - 01:29 | 02-08-2017 - 19:29 | |
CVE-2016-10168 | 6.8 |
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
|
04-05-2018 - 01:29 | 15-03-2017 - 15:59 | |
CVE-2017-6464 | 4.0 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
|
12-04-2018 - 01:29 | 27-03-2017 - 17:59 | |
CVE-2017-11671 | 2.1 |
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDS
|
12-04-2018 - 01:29 | 26-07-2017 - 21:29 | |
CVE-2016-3948 | 5.0 |
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
|
16-03-2018 - 01:29 | 07-04-2016 - 18:59 | |
CVE-2016-5320 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
|
12-03-2018 - 02:29 | 12-03-2018 - 02:29 | |
CVE-2015-3315 | 7.2 |
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-r
|
19-02-2018 - 02:29 | 26-06-2017 - 15:29 | |
CVE-2017-1000250 | 3.3 |
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the proces
|
17-02-2018 - 02:29 | 12-09-2017 - 17:29 | |
CVE-2017-16844 | 10.0 |
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcode
|
04-02-2018 - 02:29 | 16-11-2017 - 15:29 | |
CVE-2016-4449 | 5.8 |
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
|
18-01-2018 - 18:18 | 09-06-2016 - 16:59 | |
CVE-2014-4338 | 4.0 |
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access t
|
08-01-2018 - 15:22 | 22-06-2014 - 21:55 | |
CVE-2017-9148 | 7.5 |
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 80
|
05-01-2018 - 02:31 | 29-05-2017 - 17:29 | |
CVE-2017-5486 | 7.5 |
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
|
05-01-2018 - 02:31 | 28-01-2017 - 01:59 | |
CVE-2017-7486 | 5.0 |
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|
05-01-2018 - 02:31 | 12-05-2017 - 19:29 | |
CVE-2017-7869 | 5.0 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 | |
CVE-2017-7207 | 4.3 |
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
|
05-01-2018 - 02:31 | 21-03-2017 - 06:59 | |
CVE-2017-7870 | 7.5 |
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 | |
CVE-2017-9242 | 4.9 |
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft
|
05-01-2018 - 02:31 | 27-05-2017 - 01:29 | |
CVE-2017-3289 | 6.8 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated at
|
05-01-2018 - 02:31 | 27-01-2017 - 22:59 | |
CVE-2016-7545 | 7.2 |
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
|
05-01-2018 - 02:31 | 19-01-2017 - 20:59 | |
CVE-2016-9540 | 7.5 |
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
|
05-01-2018 - 02:31 | 22-11-2016 - 19:59 | |
CVE-2016-5768 | 7.5 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-9808 | 5.0 |
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
CVE-2016-9809 | 6.8 |
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
CVE-2017-3272 | 6.8 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthent
|
05-01-2018 - 02:31 | 27-01-2017 - 22:59 | |
CVE-2016-9084 | 4.6 |
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device fil
|
05-01-2018 - 02:31 | 28-11-2016 - 03:59 | |
CVE-2016-9813 | 4.3 |
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
CVE-2016-8602 | 6.8 |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty o
|
05-01-2018 - 02:31 | 14-04-2017 - 18:59 | |
CVE-2016-6313 | 5.0 |
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 46
|
05-01-2018 - 02:31 | 13-12-2016 - 20:59 | |
CVE-2016-5424 | 4.6 |
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \
|
05-01-2018 - 02:31 | 09-12-2016 - 23:59 | |
CVE-2015-8158 | 4.3 |
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. <a href="http://cwe.mitre.org/data/definitions/835
|
05-01-2018 - 02:30 | 30-01-2017 - 21:59 | |
CVE-2015-7496 | 7.2 |
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
|
05-01-2018 - 02:30 | 24-11-2015 - 20:59 | |
CVE-2015-8868 | 9.3 |
Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mo
|
05-01-2018 - 02:30 | 06-05-2016 - 17:59 | |
CVE-2015-5366 | 5.0 |
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect chec
|
05-01-2018 - 02:30 | 31-08-2015 - 10:59 | |
CVE-2016-2842 | 10.0 |
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memo
|
05-01-2018 - 02:30 | 03-03-2016 - 20:59 | |
CVE-2016-3044 | 4.9 |
The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors.
|
05-01-2018 - 02:30 | 01-12-2016 - 11:59 | |
CVE-2015-3216 | 4.3 |
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause
|
05-01-2018 - 02:30 | 07-07-2015 - 10:59 | |
CVE-2016-3191 | 7.5 |
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arb
|
05-01-2018 - 02:30 | 17-03-2016 - 23:59 | |
CVE-2015-2830 | 1.9 |
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the
|
05-01-2018 - 02:30 | 27-05-2015 - 10:59 | |
CVE-2015-2327 | 7.5 |
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other i
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2016-10002 | 5.0 |
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack req
|
05-01-2018 - 02:30 | 27-01-2017 - 17:59 | |
CVE-2014-9680 | 2.1 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
|
05-01-2018 - 02:29 | 24-04-2017 - 06:59 | |
CVE-2017-13090 | 9.3 |
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative
|
30-12-2017 - 02:29 | 27-10-2017 - 19:29 | |
CVE-2014-3430 | 5.0 |
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an I
|
29-12-2017 - 02:29 | 14-05-2014 - 19:55 | |
CVE-2014-1545 | 10.0 |
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Per: http://cwe.mitre.org/data/defini
|
28-12-2017 - 02:29 | 11-06-2014 - 10:57 | |
CVE-2014-0240 | 6.2 |
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of runnin
|
21-12-2017 - 02:29 | 27-05-2014 - 14:55 | |
CVE-2017-7555 | 7.5 |
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, le
|
09-12-2017 - 02:29 | 17-08-2017 - 19:29 | |
CVE-2014-9130 | 5.0 |
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
|
09-12-2017 - 02:29 | 08-12-2014 - 16:59 | |
CVE-2016-0773 | 5.0 |
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a
|
09-12-2017 - 02:29 | 17-02-2016 - 15:59 | |
CVE-2017-1000380 | 2.1 |
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed
|
06-12-2017 - 02:29 | 17-06-2017 - 18:29 | |
CVE-2017-13744 | 4.3 |
There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0.
|
02-12-2017 - 02:29 | 29-08-2017 - 06:29 | |
CVE-2016-1286 | 5.0 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
|
21-11-2017 - 02:29 | 09-03-2016 - 23:59 | |
CVE-2014-3511 | 4.3 |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
|
15-11-2017 - 02:29 | 13-08-2014 - 23:55 | |
CVE-2014-3567 | 7.1 |
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
|
15-11-2017 - 02:29 | 19-10-2014 - 01:55 | |
CVE-2015-5477 | 7.8 |
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
|
10-11-2017 - 02:29 | 29-07-2015 - 14:59 | |
CVE-2015-8472 | 7.5 |
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or
|
04-11-2017 - 01:29 | 21-01-2016 - 15:59 | |
CVE-2016-1979 | 6.8 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h
|
04-11-2017 - 01:29 | 13-03-2016 - 18:59 | |
CVE-2015-0206 | 5.0 |
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2015-7837 | 2.1 |
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secur
|
05-10-2017 - 14:43 | 19-09-2017 - 16:29 | |
CVE-2015-1159 | 4.3 |
Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.
|
23-09-2017 - 01:29 | 26-06-2015 - 10:59 | |
CVE-2015-4696 | 4.3 |
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After F
|
22-09-2017 - 01:29 | 01-07-2015 - 14:59 | |
CVE-2014-1569 | 7.5 |
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers
|
22-09-2017 - 01:29 | 15-12-2014 - 18:59 | |
CVE-2015-0816 | 5.0 |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the a
|
17-09-2017 - 01:29 | 01-04-2015 - 10:59 | |
CVE-2015-5261 | 3.6 |
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
|
16-09-2017 - 01:29 | 07-06-2016 - 14:06 | |
CVE-2014-9278 | 4.0 |
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass in
|
08-09-2017 - 01:29 | 06-12-2014 - 15:59 | |
CVE-2014-9112 | 5.0 |
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
|
08-09-2017 - 01:29 | 02-12-2014 - 16:59 | |
CVE-2014-0191 | 4.3 |
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless
|
29-08-2017 - 01:34 | 21-01-2015 - 14:59 | |
CVE-2016-7795 | 4.9 |
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.
|
28-07-2017 - 01:29 | 13-10-2016 - 14:59 | |
CVE-2016-1248 | 6.8 |
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
|
28-07-2017 - 01:29 | 23-11-2016 - 15:59 | |
CVE-2014-8738 | 5.0 |
The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.
|
01-07-2017 - 01:29 | 15-01-2015 - 15:59 | |
CVE-2015-3187 | 4.0 |
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node tha
|
01-07-2017 - 01:29 | 12-08-2015 - 14:59 | |
CVE-2015-5214 | 6.8 |
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC
|
01-07-2017 - 01:29 | 10-11-2015 - 17:59 | |
CVE-2014-0172 | 6.8 |
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
|
01-07-2017 - 01:29 | 11-04-2014 - 15:55 | |
CVE-2016-7050 | 7.5 |
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
|
16-06-2017 - 12:03 | 08-06-2017 - 19:29 | |
CVE-2016-5410 | 2.1 |
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
|
25-04-2017 - 14:59 | 19-04-2017 - 14:59 | |
CVE-2016-4989 | 6.9 |
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a
|
17-04-2017 - 16:36 | 11-04-2017 - 18:59 | |
CVE-2016-4445 | 6.9 |
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatu
|
17-04-2017 - 13:16 | 11-04-2017 - 18:59 | |
CVE-2014-4877 | 9.3 |
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two
|
17-02-2017 - 02:59 | 29-10-2014 - 10:55 | |
CVE-2016-5361 | 5.0 |
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1
|
18-01-2017 - 02:59 | 16-06-2016 - 14:59 | |
CVE-2014-4039 | 2.1 |
ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var
|
07-01-2017 - 03:00 | 17-06-2014 - 15:55 | |
CVE-2014-3609 | 5.0 |
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
|
07-01-2017 - 03:00 | 11-09-2014 - 18:55 | |
CVE-2014-5031 | 5.0 |
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
07-01-2017 - 03:00 | 29-07-2014 - 14:55 | |
CVE-2014-8500 | 7.8 |
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referra
|
03-01-2017 - 02:59 | 11-12-2014 - 02:59 | |
CVE-2014-7823 | 5.0 |
The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.
|
03-01-2017 - 02:59 | 13-11-2014 - 21:32 | |
CVE-2014-8090 | 5.0 |
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string
|
03-01-2017 - 02:59 | 21-11-2014 - 15:59 | |
CVE-2014-8108 | 5.0 |
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a
|
03-01-2017 - 02:59 | 18-12-2014 - 15:59 | |
CVE-2015-5330 | 5.0 |
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending craft
|
31-12-2016 - 02:59 | 29-12-2015 - 22:59 | |
CVE-2015-5722 | 7.8 |
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name
|
31-12-2016 - 02:59 | 05-09-2015 - 02:59 | |
CVE-2015-3983 | 4.3 |
The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was
|
31-12-2016 - 02:59 | 14-05-2015 - 14:59 | |
CVE-2015-1804 | 8.5 |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds
|
31-12-2016 - 02:59 | 20-03-2015 - 14:59 | |
CVE-2015-3279 | 7.5 |
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buff
|
28-12-2016 - 02:59 | 14-07-2015 - 16:59 | |
CVE-2015-2775 | 7.6 |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
|
24-12-2016 - 02:59 | 13-04-2015 - 14:59 | |
CVE-2014-1594 | 6.8 |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicConta
|
24-12-2016 - 02:59 | 11-12-2014 - 11:59 | |
CVE-2016-7091 | 4.9 |
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted
|
23-12-2016 - 18:17 | 22-12-2016 - 21:59 | |
CVE-2015-6908 | 5.0 |
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
|
22-12-2016 - 03:00 | 11-09-2015 - 16:59 | |
CVE-2014-8241 | 7.5 |
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
|
20-12-2016 - 02:59 | 14-12-2016 - 22:59 | |
CVE-2014-3660 | 5.0 |
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
|
08-12-2016 - 03:05 | 04-11-2014 - 16:55 | |
CVE-2015-5281 | 2.6 |
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in t
|
07-12-2016 - 18:16 | 24-11-2015 - 20:59 | |
CVE-2015-2924 | 3.3 |
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Adverti
|
07-12-2016 - 18:10 | 16-11-2015 - 21:59 | |
CVE-2012-2150 | 5.0 |
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
|
07-12-2016 - 03:00 | 25-08-2015 - 17:59 | |
CVE-2016-0774 | 5.6 |
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do
|
03-12-2016 - 03:18 | 27-04-2016 - 17:59 | |
CVE-2015-2704 | 5.0 |
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.
|
03-12-2016 - 03:05 | 18-05-2015 - 15:59 | |
CVE-2014-8602 | 4.3 |
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
|
28-11-2016 - 19:13 | 11-12-2014 - 02:59 | |
CVE-2015-4496 | 9.3 |
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.
|
15-11-2016 - 20:10 | 16-08-2015 - 01:59 | |
CVE-2014-5120 | 6.4 |
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1)
|
26-10-2016 - 02:00 | 23-08-2014 - 01:55 | |
CVE-2014-3634 | 7.5 |
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an
|
18-10-2016 - 03:44 | 02-11-2014 - 00:55 | |
CVE-2016-0741 | 7.8 |
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
|
12-10-2016 - 02:01 | 19-04-2016 - 21:59 | |
CVE-2014-7300 | 7.2 |
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstati
|
31-08-2016 - 15:08 | 25-12-2014 - 21:59 | |
CVE-2014-6410 | 4.7 |
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UD
|
23-08-2016 - 02:08 | 28-09-2014 - 10:55 | |
CVE-2014-3686 | 6.8 |
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.
|
27-07-2016 - 01:59 | 16-10-2014 - 00:55 | |
CVE-2014-9447 | 6.4 |
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using
|
18-04-2015 - 01:59 | 02-01-2015 - 20:59 | |
CVE-2014-4040 | 5.0 |
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain
|
12-03-2015 - 01:59 | 17-06-2014 - 15:55 | |
CVE-2014-6432 | 5.0 |
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial
|
05-11-2014 - 08:28 | 20-09-2014 - 10:55 | |
CVE-2014-5033 | 6.9 |
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (
|
16-10-2014 - 07:22 | 19-08-2014 - 18:55 | |
CVE-2014-6269 | 5.0 |
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out
|
02-10-2014 - 18:31 | 30-09-2014 - 14:55 |