Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1680 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-7236 | 4 Canonical, Debian, Oracle and 1 more | 4 Ubuntu Linux, Debian Linux, Solaris and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. | |||||
CVE-2015-5623 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 4.0 MEDIUM | N/A |
WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php. | |||||
CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
CVE-2016-0606 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2024-02-04 | 3.5 LOW | N/A |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. | |||||
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2024-02-04 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-04 | 1.9 LOW | 6.0 MEDIUM |
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
CVE-2014-9764 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |||||
CVE-2015-4813 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2024-02-04 | 2.1 LOW | N/A |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | |||||
CVE-2016-3070 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. | |||||
CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 6.5 MEDIUM | 8.1 HIGH |
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | |||||
CVE-2016-7176 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via a crafted packet. | |||||
CVE-2016-4952 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-04 | 1.9 LOW | 6.0 MEDIUM |
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vectors related to the (1) PVSCSI_CMD_SETUP_RINGS or (2) PVSCSI_CMD_SETUP_MSG_RING SCSI command. | |||||
CVE-2015-5174 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | |||||
CVE-2015-8837 | 3 Debian, Fedoraproject, Fuseiso Project | 3 Debian Linux, Fedora, Fuseiso | 2024-02-04 | 6.8 MEDIUM | 7.3 HIGH |
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. | |||||
CVE-2013-7458 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2024-02-04 | 2.1 LOW | 3.3 LOW |
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2014-9745 | 4 Canonical, Debian, Freetype and 1 more | 4 Ubuntu Linux, Debian Linux, Freetype and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. | |||||
CVE-2016-7568 | 3 Debian, Libgd, Php | 3 Debian Linux, Libgd, Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. | |||||
CVE-2016-1231 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path. | |||||
CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. |