Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3439 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as. | |||||
CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2024-02-04 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | |||||
CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | |||||
CVE-2016-5337 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information. | |||||
CVE-2015-3152 | 5 Debian, Fedoraproject, Mariadb and 2 more | 11 Debian Linux, Fedora, Mariadb and 8 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. | |||||
CVE-2016-5338 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS administrators to cause a denial of service (QEMU process crash) or execute arbitrary code on the QEMU host via vectors related to the information transfer buffer. | |||||
CVE-2016-1835 | 3 Apple, Canonical, Debian | 4 Iphone Os, Mac Os X, Ubuntu Linux and 1 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
CVE-2015-2922 | 5 Debian, Fedoraproject, Linux and 2 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-02-04 | 3.3 LOW | N/A |
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
CVE-2016-0753 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | |||||
CVE-2016-0787 | 4 Debian, Fedoraproject, Libssh2 and 1 more | 4 Debian Linux, Fedora, Libssh2 and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug." | |||||
CVE-2014-9771 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. | |||||
CVE-2016-0505 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. | |||||
CVE-2014-9655 | 2 Debian, Remotesensing | 2 Debian Linux, Libtiff | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif. | |||||
CVE-2016-1675 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. | |||||
CVE-2015-5345 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. | |||||
CVE-2015-1253 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 7.5 HIGH | N/A |
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | |||||
CVE-2015-3146 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | |||||
CVE-2015-1259 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 7.5 HIGH | N/A |
PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-8783 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | |||||
CVE-2015-1254 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 5.0 MEDIUM | N/A |
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. |