Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1255 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-04 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | |||||
CVE-2016-7401 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | |||||
CVE-2016-2533 | 3 Debian, Python, Python Imaging Project | 3 Debian Linux, Pillow, Python Imaging | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | |||||
CVE-2016-0655 | 5 Debian, Mariadb, Opensuse and 2 more | 5 Debian Linux, Mariadb, Leap and 2 more | 2024-02-04 | 3.5 LOW | 4.7 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. | |||||
CVE-2015-6855 | 6 Arista, Canonical, Debian and 3 more | 7 Eos, Ubuntu Linux, Debian Linux and 4 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash. | |||||
CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
CVE-2016-1670 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-04 | 2.6 LOW | 5.3 MEDIUM |
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. | |||||
CVE-2015-3429 | 3 Automattic, Debian, Wordpress | 3 Genericons, Debian Linux, Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | |||||
CVE-2016-4441 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-02-04 | 2.1 LOW | 6.0 MEDIUM |
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | |||||
CVE-2016-2058 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow (1) remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or (2) remote authenticated users to inject arbitrary web script or HTML via an acknowledgement message, which is not properly handled in the "status" page. | |||||
CVE-2016-1658 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | |||||
CVE-2016-5300 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. | |||||
CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2024-02-04 | 8.0 HIGH | 7.6 HIGH |
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | |||||
CVE-2015-8782 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | |||||
CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||||
CVE-2016-8864 | 4 Debian, Isc, Netapp and 1 more | 11 Debian Linux, Bind, Data Ontap Edge and 8 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | |||||
CVE-2015-2643 | 6 Canonical, Debian, Mariadb and 3 more | 12 Ubuntu Linux, Debian Linux, Mariadb and 9 more | 2024-02-04 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||||
CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
CVE-2016-3521 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. | |||||
CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. |