Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||||
| CVE-2014-4343 | 3 Debian, Mit, Redhat | 6 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 3 more | 2025-04-12 | 7.6 HIGH | N/A |
| Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. | |||||
| CVE-2016-3068 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. | |||||
| CVE-2015-4603 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue. | |||||
| CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 9 Subversion, Xcode, Opensuse and 6 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | |||||
| CVE-2014-4342 | 3 Debian, Mit, Redhat | 7 Debian Linux, Kerberos, Kerberos 5 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. | |||||
| CVE-2012-6662 | 2 Jqueryui, Redhat | 5 Jquery Ui, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | |||||
| CVE-2016-7091 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2025-04-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. | |||||
| CVE-2014-9667 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. | |||||
| CVE-2014-8241 | 2 Redhat, Tigervnc | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | |||||
| CVE-2016-4809 | 3 Libarchive, Oracle, Redhat | 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | |||||
| CVE-2016-0616 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
| CVE-2016-3069 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. | |||||
| CVE-2015-3329 | 4 Apple, Oracle, Php and 1 more | 11 Mac Os X, Linux, Solaris and 8 more | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. | |||||
| CVE-2015-4836 | 4 Novell, Opensuse, Oracle and 1 more | 16 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 13 more | 2025-04-12 | 2.8 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | |||||
| CVE-2016-0606 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. | |||||
| CVE-2016-0758 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data. | |||||
| CVE-2015-0236 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2025-04-12 | 3.5 LOW | N/A |
| libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | |||||
| CVE-2016-0546 | 6 Canonical, Debian, Mariadb and 3 more | 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name. | |||||